Introduction


This manual describes three debuggers available on Sun Workstations™: dbx,
dbxtool, and adb. This document is intended for competent C, assembler,
FORTRAN, Modula-2, or Pascal programmers.

dbx is an interactive, line-oriented, source-level, symbolic debugger. It lets you
determine where a program crashed, view the values of variables and
expressions, set breakpoints in the code, and run and trace a program. In addition,
machine-level and other commands are available to help you debug code. A
detailed description of how to use dbx is found in Chapter 4.

dbxtool is a window-based interface to dbx. Debugging is easier because you
can use the mouse to enter most commands from redefinable buttons on the
screen. You can use any of the standard dbx commands in the command
window. A detailed description of how to use dbxtool is found in Chapter 3.

adb is an interactive, line-oriented, assembly-level debugger. It can be used to
examine core files to determine why they crashed, and provides a controlled
environment for program execution. Since it dates back to UNIX† Version 7, it is
likely to be available on UNIX systems everywhere. Chapters 5 and 6 are tutorial
introductions to adb for the Sun-2 and -3 and the Sun386i, respectively, and
Chapter 7 is a reference manual for it.

This manual begins with material about the debuggers of choice, dbxtool and
dbx. They are much easier to use than adb, and are sufficient for almost all
debugging tasks. adb is most useful for interactive examination of binary files
without symbols, patching binary files or object code, debugging programs when
the source code is not at hand, and debugging the kernel.

Some programs produce core dumps when an internal bug causes a system fault.
You can usually produce a core dump by typing CTRL-\ while a process is
running. If a process is in the background, or originated from a different process
group, you can get it to dump core by using the gcore(1) utility.


† UNIX is a registered trademark of AT&T.
dbx and dbxtool Compared


2.1. Debugging Modes of dbx and dbxtool

Both dbx and dbxtool support five distinct types of debugging: post-mortem,
live-process, multiple-process, and kernel debugging. References to dbx below
apply to dbxtool as well.

You can do post-mortem debugging on a program that has created a core file.
Using the core file as its image of the program, dbx retrieves the values of
variables from it. The most useful operations in post-mortem debugging are
getting a stack trace with where, and examining the values of variables with
print. Operations such as setting breakpoints, suspending and continuing
execution, and calling procedures are not supported with post-mortem debugging.

In live-process debugging, a process is started under control of dbx. From there, 
the user can: 

□ set the process’ starting point 

□ set and clear breakpoints 

□ restart a stopped process. 

The most useful operations are getting a stack trace with where, examining the
values of variables with print and display, setting breakpoints with stop,
and continuing execution with next, step, and cont.

Multiple-process debugging is most useful when debugging the interaction
between two tightly coupled programs. For example, in a networking situation it
is common to have server and client processes that use some style of
inter-process communication (remote procedure calls, for example). To debug both
the client and the server simultaneously, each process must have its own instance
of dbx. When using dbx for multiple-process debugging, it is advisable to
begin each dbx in a separate window. This gives you a way to debug one
process without losing the context of the other debugging session.

NOTE This does not mean that either dbx or dbxtool supports remote debugging.
You can debug only processes running on your machine.

Kernel debugging is a special form of post-mortem debugging. Start kernel
debugging by specifying the -k option on the dbx or dbxtool command line
(or with the debug command). When debugging the kernel, dbx uses page
maps in the kernel’s core image to map addresses. The proc command specifies
which process’ user structure is mapped into the kernel’s u area. The where
command displays the kernel stack associated with the process currently mapped
into the u area.


2.2. Common Features of dbx and dbxtool

The following symbols and conventions apply to both dbx and dbxtool; as
before, references to dbx apply to dbxtool as well.

Filenames

Filenames within dbx may include shell metacharacters. The shell used for
pattern matching is determined by the SHELL environment variable.

Expressions

Expressions in dbx are combinations of variables, constants, procedure calls,
and operators. Hexadecimal constants begin with “0x” and octal constants with
“0”. Character constants must be enclosed in single quotes. Expressions cannot
involve literal strings, structures, or arrays, although elements of structures and
arrays may be used. However, the print and display commands do accept
structures or arrays as arguments and, in these cases, print the entire contents of
the structure or array. The call command accepts literal strings as arguments,
and passes them according to the calling conventions of the language of the
routine being called.


Table 2-1 Operators Recognized by dbx

    Operator    Meaning
    +           add
    -           subtract
    *           multiply
    /           divide
    div         integer divide
    %           remainder
    <<          left shift
    >>          right shift
    &           bitwise and
    |           bitwise or
    ^           exclusive or
    ~           bitwise complement
    &           address of
    *           contents of
    <           less than
    >           greater than
    <=          less than or equal to
    >=          greater than or equal to
    ==          equal to
    !=          not equal to
    !           not
    &&          logical and
    ||          logical or
    sizeof      size of a variable or type
    (type)      type cast
    .           structure field reference
    ->          pointer to structure field reference


The . operator can be used with pointers to records, as well as with records
themselves, making the C -> operator unnecessary (though it is supported).


Precedence and associativity of operators are the same as in C, and are described 
in Table 2-2 below. Parentheses can be used for grouping. 


Table 2-2 Operator Precedence and Associativity

    Operator                    Associativity
    . ->                        left to right
    ~ ! (type) * & sizeof       right to left
    * / % div                   left to right
    + -                         left to right
    << >>                       left to right
    < <= >= >                   left to right
    == !=                       left to right
    &                           left to right
    ^                           left to right
    |                           left to right
    &&                          left to right
    ||                          left to right
    ?:                          right to left


Of course, if the program being debugged is not active and there is no core file,
you may only use expressions containing constants. Procedure calls also require
that the program be active.


dbx and FORTRAN

Note the following when using dbx with FORTRAN programs:

1) Array elements must be referenced with square brackets [ and ] rather than
with parentheses. So use print var[3] instead of print var(3).

2) The main routine is referenced as MAIN (as distinguished from main). All
other names in the source file that have upper case letters in them will be
lower case in dbx, unless the program was compiled with f77 -u. For
more information, see the section on dbxenv case under Miscellaneous
Commands in Chapter 4.

3) When referring to the value of a logical type in an expression, use the value
0 or 1 rather than .false. or .true., respectively.
dbx uses two variables to resolve scope conflicts: file and func (see Section
4.9). The values of file and func change automatically as files and routines
are entered and exited during execution of the user program. They can also be
changed by the user. Changing func also changes the value of file; however,
changing file does not change func.

The func variable is used for name resolution, as in the command print
grab where grab may be defined in two different routines. The search order is:

1) Search for grab in the routine named by func.

2) If grab is not found in the routine named by func, search the file
containing the routine named by func.

3) Finally, search the outer levels (the whole program in the case of C and
FORTRAN, and the outer lexical levels, in order outward, in the case of
Pascal) for grab.

Clearly, if grab is local to a different routine than the one named by func, or is
a static variable in a different file than is the routine named by func, it won’t be
found. Note, however, that print a.grab is allowed, as long as routine a
has been entered but not yet exited. Note that the file containing the routine a
might have to be specified when the file name (minus its suffix) is the same as a
routine name. For example, if routine a is found in module a.c, then print
a.grab would not be enough; you would have to use print a.a.grab.

If in doubt as to how to specify a name, use the whereis command, as in
whereis grab, to display the full qualifications of all instances of the
specified name (in this case, grab).

The variable file is used to:

1) Resolve conflicts when setting func — for example, when a C program has 
two static routines with the same name. 

2) Determine which file to use for commands that take only a source line 
number — for example, stop at 55. 

3) Determine which file to use for commands such as edit, which has 
optional arguments or no arguments at all. 

When dbx begins execution, the initial values of file and func are
determined by the presence or absence of a core file or process ID. If there is a core
file or process ID, file and func are set to the point of termination. If there is
no core file or process ID, func is set to main (or MAIN for FORTRAN) and
file is set to the file containing main (or MAIN).

Note that changing func doesn’t affect the place where dbx continues
execution when the program is restarted.
dbxtool


dbxtool [ -i ] [ -k ] [ -I dir ] [ -kbd ] [ objectfile [ corefile | processID ] ]

dbxtool is a source-level debugger with a window and mouse-based user
interface, accepting dbx’s commands with a more convenient user interface. Using
the mouse, one can set breakpoints, examine variable values, control execution,
browse source files, and so on. There are subwindows for viewing source code,
entering commands, and several other uses. This debugger functions in the
suntools(1) environment, so that the standard tool manager actions, such as moving,
resizing, moving to the front or back, and so on can be applied to it.


In the usage above, objectfile is an object file produced by cc, f77, or pc, or a
combination thereof, with the -g flag specified to produce the appropriate
symbol information. If no objectfile is specified, one may use the debugger’s debug
command to specify the program to be debugged. The object file contains a
symbol table which includes the names of all the source files translated by the
compiler to create it. These files are available for perusal while using the debugger.


NOTE Every stage of the compilation process, including the loading phase, must
include the -g option.

dbxtool can be used to examine the state of the program when it faulted if a 
file named core exists in the current directory, or a corefile is specified on the 
command line or in the debug command. 

Giving a processID instead of a corefile halts the process and begins debugging
it. Detaching the debugger from the process lets it continue.

Debugger commands in the file .dbxinit are executed immediately after the
symbolic information is read, if that file exists in the current directory, or in the
user’s home directory if it isn’t there.


1.1. dbxtool Options


-k Kernel debugging.

-I dir

Add dir to the list of directories searched when looking for a source file.
Normally dbxtool looks for source files in the directory where objectfile is
located, and if the source files can’t be found there or in the current
directory, the user must tell dbxtool where to find the source files, either with
the -I option or else set the directory search path with the use command.
Multiple -I options may be given.
1.2. dbxtool Subwindows


A dbxtool window consists of five subwindows. From top to bottom they are:

status    Gives the overall status of debugging, including the location where
          execution is currently stopped, and a description of lines displayed
          in the source subwindow.

source    Displays source text of the program being debugged, and allows you
          to move around in the source file.

buttons   Contains buttons for frequently used commands; picking a button
          with the mouse invokes the corresponding command.

command   Provides a typing interface to supplement the buttons subwindow.
          Also, most command output appears in this subwindow.

display   Display output appears here.


Figure 1-1 Five dbxtool Subwindows

[Figure: a dbxtool window. The status subwindow reads "Awaiting Execution",
with "File Displayed: ./example.c" and "Lines: 13-32"; the source subwindow
shows part of example.c; the buttons subwindow shows print, print *, next,
step, stop at, cont, stop in, clear, and where; the command subwindow shows a
(dbxtool) session transcript.]
3.3. Scrolling

The source, command, and display windows have scroll bars to facilitate
browsing their contents. The scroll bar is at the left edge of each window. The bar is a
medium gray background with a darker gray area superimposed over it indicating
the portion of the source file, command transcript, or display currently visible in
the window. Note that the size of the darker gray area corresponds to the number
of characters visible in the source window, not the number of lines.

Within the scroll bar, the mouse buttons have the following functions:

left      Scroll forward, moving towards the end of the file.

middle    Scroll to absolute position in the text.

right     Scroll backwards, moving towards the beginning of the file.

Positioning the cursor within the scroll bar next to a given line and clicking the
left button causes the line to move to the top of the window. Clicking the right
button causes the top line in the window to move to the position of the cursor.
The middle button treats the scroll bar as a thumb bar. The top of the thumb bar
represents the beginning of the text, and the bottom represents the end of the text.
Clicking the middle button in the scroll bar picks a point within the text relative
to its entire size. This point is then displayed at the top of the window.

See Windows and Window-Based Tools: Beginner’s Guide for a more complete
description of scroll bars.

3.4. The Source Window

The source window displays the text of the program being debugged. Initially, it
displays text from either the main routine, if there is no core file, or the point at
which execution stopped, if there is a core file. Whenever execution stops during
a debugging session, it displays the point at which it stopped. The file
command can be used to switch the source window to another file; the focus of
attention moves to the beginning of the new file. Similarly, the func command can
be used to switch the source window to another function; the new focus of
attention is the first executable line in the function.

Breakpoints are indicated in the source window by a solid stop sign at the
beginning of the line. The point at which execution is currently stopped is marked by
either a rightward pointing outlined or hollow arrow.

3.5. Constructing Commands

One can either type commands to dbxtool in the command window or
construct commands with the selection and button mechanism (if a button is
provided for the command), but typing and buttons cannot be combined to build a
command.

The command window is a text subwindow and so uses the text selection facility
described in Windows and Window-Based Tools: Beginner’s Guide.

The software buttons operate in a postfix manner. That is, one first selects the
argument, and then clicks the software button with the left mouse button. Each
command interprets the selection as appropriate for that command.

There are five ways that dbxtool may interpret a selection:

literal   A selection may be interpreted as exactly representing selected
          material.

expand    A selection may be interpreted as exactly representing selected
          material, except that it is expanded if either the first or last character
          of the selection is an alphanumeric character or underscore. It is
          expanded to the longest enclosing sequence of alphanumeric
          characters or underscores. Selections made outside of dbxtool cannot be
          expanded and are interpreted as exactly the selected text.

lineno    A selection in the source window may be interpreted as representing
          the (line number of the) first source line containing all or some of the
          selection.

command   A selection in the command window may be interpreted as
          representing the command containing the selection.

ignore    Buttons may ignore a selection.


3.6. Command Buttons

The standard set of command buttons in the buttons window is as follows:


print     Print the value of a variable or expression. Since this button expands
          the selection, identifiers can be printed by selecting only one
          character.

print *   Print the value of all variables or expressions. Since this button
          expands the selection, identifiers can be printed by selecting only
          one character.

next      Execute one source statement and then stop execution, except that if
          the statement contains a procedure or function call, execute through
          the called routine before stopping. The next button ignores the
          selection.

step      Execute one source line and then stop execution again. If the current
          source line contains a procedure or function call, stop at the first
          executable line within the procedure or function. The step button
          ignores the selection.

stop at   Set a breakpoint at a given source line. Interpret a selection in the
          source window as representing the line number associated with the
          first line of the selection.

cont      Resume execution from the point where it is currently stopped. The
          cont button ignores the selection.

stop in   Set a breakpoint at the first line of a given function or procedure.
          Since this button expands the selection, identifiers may be printed by
          selecting only one character.

clear     Clear all breakpoints at the currently selected point. <lineno>
          clear clears all breakpoints at the specified line number.

where     Prints a procedure traceback. <number> where prints number
          top procedures in the traceback.

up        Moves up the call stack one level. <number> up moves the call
          stack up number levels.

down      Moves the call stack down one level. <number> down moves the
          call stack down number levels.

run       Begins execution of the program. <arguments> run begins
          execution of the program with new arguments.

NOTE The second form cannot be entered in its standard form with the run button,
only by typing the command.

3.7. Choosing Your Own Buttons

The button command defines buttons in the buttons window. It can be used in
.dbxinit to define buttons not otherwise displayed, or during a debugging
session to add new buttons. The first argument to button is the selection
interpretation for the button, and the remainder is the command associated with it. The
default set of buttons can be replicated by the sequence

    button expand print
    button expand print *
    button ignore next
    button ignore step
    button lineno stop at
    button ignore cont
    button expand stop in
    button ignore clear
    button ignore where
    button ignore up
    button ignore down
    button ignore run

The unbutton command may be used in .dbxinit to remove a default
button from the buttons window, or during a debugging session to remove an
existing button. The argument to unbutton is the command associated with the
button.

3.8. The Display Window

The display window provides continual feedback of the values of selected
variables. The display command specifies variables to appear in the display
window, and undisplay removes them. Each time execution of the program
being debugged stops, the values of the displayed variables are updated.

3.9. Editing in the Source Window

The source window is a standard text subwindow (see Windows and
Window-Based Tools: Beginner’s Guide for details). Initially dbxtool puts the source
subwindow in browse mode, meaning that editing capabilities are suppressed.
dbxtool adds a “start editing” entry to the standard text subwindow menu in
the source window. When this menu item is selected, the file in the source
window becomes editable, the menu item changes to “stop editing”, and any
annotations (stop signs and arrows) are removed. The “stop editing” menu item is a
pull-right menu with two options: “save changes” and “ignore changes”.
Selecting either of these menu items disables editing, changes the menu item back to
“start editing”, and causes the annotations to return.

After editing a source file, it is advisable to rebuild the program, as the source file
no longer reflects the executable program.

3.10. Controlling the Environment

The toolenv command provides control over several facets of dbxtool’s
window environment, including the font, the vertical size of the source,
command, and display windows, the horizontal size of the tool, and the minimum
number of lines between the top or bottom of the source window and the arrow.
These are chiefly useful in the .dbxinit file to control initialization of the
tool, but may be issued at any time.

3.11. Other Aspects of dbxtool

The commands, expression syntax, scope rules, etc. of dbxtool are identical to
those of dbx. Three of the commands, toolenv, button, and unbutton,
affect only dbxtool, so they are described below. See Chapter 4 for
descriptions of the others.


toolenv

toolenv [ attribute value ]

Set or print attributes of the dbxtool window. This command has no effect in
dbx. The possible attribute-value pairs and their interpretations are as follows:

Table 3-1 Attribute-Value Pairs for dbxtool

    Attribute-Value     Description
    font fontfile       change the font to that found in fontfile; default is
                        taken from the DEFAULT_FONT shell variable.
    width nchars        change the width of the tool window to nchars
                        characters; default is 80 characters.
    srclines nlines     make the source subwindow nlines high; default is 20
                        lines.
    cmdlines nlines     make the command subwindow nlines high; default is 12
                        lines.
    displines nlines    make the display subwindow nlines high; default is 3
                        lines.
    topmargin nlines    keep the line with the arrow at least nlines from the
                        top of the source subwindow; default is 3 lines.
    botmargin nlines    keep the line with the arrow on it at least nlines from
                        the bottom of the source subwindow; default is 3 lines.

The toolenv command with no arguments prints the current values of all the
attributes.
button

button selection command-name

Associate a button in the buttons window with a command in dbxtool. This
command has no effect in dbx. The argument selection may be any of
literal, expand, lineno, command and ignore, as described in Section
3.5. The command-name argument may be any sequence of words
corresponding to a dbxtool command.

unbutton

unbutton command-name

Remove a button from the buttons window. The first button with a matching
command-name is removed.

menu

The menu command defines the menu list in the buttons window. It can be used
in .dbxinit to define menu items not otherwise displayed, or during a
debugging session to add new menu items. The first argument to menu is the selection
interpretation for the menu, and the remainder is the command associated with it.
The default set of menus can be replicated by the sequence


    menu expand display
    menu expand undisplay
    menu expand file
    menu expand func
    menu ignore status
    menu lineno cont at
    menu ignore make
    menu ignore kill
    menu expand list
    menu ignore help


unmenu

The unmenu command may be used in .dbxinit to remove a default menu
from the menus window, or during a debugging session to remove an existing
menu item. The argument to unmenu is the menu to be removed.


3.12. Bugs

The interaction between scrolling in the source subwindow and dbx’s regular
expression search commands is wrong. Scrolling should affect where the next
search begins, but it does not.





Revision: A of May 9, 1988 












dbx


4.1. Preparing Files for dbx
4.2. Invoking dbx
4.3. dbx Options
4.4. Listing Source Code
4.5. Listing Active Procedures
4.6. Naming and Displaying Data
4.7. Setting Breakpoints
4.8. Running and Tracing Programs
4.9. Accessing Source Files and Directories
4.10. Machine-Level Commands
4.11. Miscellaneous Commands
4.12. Debugging Processes that Fork
4.13. dbx FPA Support
4.14. Example of FPA Disassembly
4.15. Examples of FPA Register Use




































dbx [ -r ] [ -k ] [ -kbd ] [ -I dir ] [ objectfile [ corefile | processID ] ]

dbx is a tool for source-level debugging and execution of programs that accepts
the same commands as dbxtool, but has a line-oriented user interface, which
does not use the window system. It is useful when you can’t run Sunview. (See
also dbx(1).)

Table 4-1 dbx Functions

    Function                            Commands
    list active procedures              down, proc, up, where
    name, display, and set variables    assign, display, dump, print, set,
                                        set81, undisplay, whatis, whereis,
                                        which
    set breakpoints                     catch, clear, delete, ignore, status,
                                        stop, trace, when
    run and trace program               call, cont, next, rerun, run, step
    access source files & directories   cd, edit, file, func, list, pwd, use,
                                        /, ?
    process manipulation                debug, detach, kill
    miscellaneous commands              alias, dbxenv, help, sh, source, quit,
                                        setenv
    machine-level commands              nexti, stepi, stopi, tracei


Although dbx provides a wide variety of commands, there are a few that you
will execute most often. You will probably want to

□ find out where an error occurred,

□ display and change the values of variables,

□ display the values of constants,

□ set breakpoints,

□ and run and trace your program.


4.1. Preparing Files for dbx

When compiling programs with cc, f77, or pc, you must specify the -g option
on the command line, so that symbolic information is produced in the object file.
Every step of compilation (including linking) must include this option.

WARNING dbx won’t correctly debug library modules whose names are more than 14
characters long. While ar emits a warning at the time the library is being
created that the name of the file is being truncated, dbx will offer no warning
that there is a problem, other than not working correctly as you attempt to
debug the offending module.


WARNING If you use ld’s -r option when compiling your program, attempts to debug the
final load module with dbx will often fail. This is because ld -r modifies the
symbol table and the resultant load module.


4.2. Invoking dbx


To invoke dbx, type:

    % dbx options objfile corefile

dbx begins execution by printing:

    Reading symbolic information...
    Read nnn symbols
    (dbx)

To exit dbx and return to the command level, type:

    (dbx) quit


4.3. dbx Options 


The options to dbx are: 

-r Execute objfile immediately. Parameters follow the object filename
(redirection is handled properly). If the program terminates successfully, dbx exits.
Otherwise, dbx reports the reason for termination and waits for your
response. When -r is specified and standard input is not a terminal, dbx
reads from /dev/tty.

-k Kernel debugging: dbx uses page maps within the kernel’s core image to 
map addresses. 


-kbd 

Debugs a program that sets the keyboard into up/down translation mode. 
This flag is necessary if the program you are debugging uses up/down 
encoding. 
-I dir

Add dir to the list of directories searched when looking for a source file.
Normally, dbx looks for source files in the directory where objfile is located,
and if the source files can’t be found there or in the current directory, the
user must tell dbx where to find the source files, either with the -I option or
else set the directory search path with the use command.

The objfile contains compiled object code. If it is not specified, one can use the
debug command to specify the program to be debugged. The object file
contains a symbol table, which includes the names of all the source files the compiler
translated. These files are available for perusal while using the debugger.

If a file named core exists in the current directory, or a corefile is specified,
dbx can be used to examine the state of the program when it faulted. If a
processID is given instead, dbx halts the process and begins debugging it. If you
later detach the debugger from it, the process continues to execute.

Debugger commands in the file .dbxinit are executed immediately after the
symbolic information is read if that file exists in the current directory, or in the
user’s home directory if it is not found in the current directory.
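
The lookup rule above means that starting dbx or dbxtool in a directory someone else can write to runs that directory's .dbxinit, and Table 4-1 includes commands such as sh, source and setenv that reach beyond the program being debugged. The following script is an added example, not part of the manual: it picks the file the rule would select and checks its owner, its mode and its commands before the debugger is started. The function names, the RISKY list and the sample file are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the manual): audit the .dbxinit file that dbx or
# dbxtool would execute automatically when started from a given directory.

# Commands listed in Table 4-1 that act outside the debugged program's own
# symbols. Treating these as review-worthy is an assumption of this example.
RISKY='sh|source|setenv|call|alias'

# make_sample DIR: write a constructed .dbxinit (sample data, not from the
# manual) so the audit can be exercised offline.
make_sample() {
    cat > "$1/.dbxinit" <<'EOF'
toolenv srclines 30
button expand display
sh ./setup-env
stop in main
EOF
    chmod 600 "$1/.dbxinit"
}

# pick_dbxinit DIR HOMEDIR: print the file the debugger would read, following
# the rule in the text: current directory first, else the home directory.
pick_dbxinit() {
    if [ -f "$1/.dbxinit" ]; then
        printf '%s\n' "$1/.dbxinit"
    elif [ -f "$2/.dbxinit" ]; then
        printf '%s\n' "$2/.dbxinit"
    fi
}

# audit_dbxinit FILE: print findings; return 0 if clean, 1 if anything
# needs review.
audit_dbxinit() {
    f=$1
    rc=0
    # The file should belong to the user who is about to run the debugger.
    [ -O "$f" ] || { echo "owner: $f is not owned by the invoking user"; rc=1; }
    # Nobody else should be able to rewrite it between sessions.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "mode: $f is group- or world-writable"
        rc=1
    fi
    # Report, with line numbers, each line that starts with a RISKY command.
    hits=$(grep -nE "^[[:space:]]*($RISKY)([[:space:]]|\$)" "$f") && {
        echo "commands:"
        printf '%s\n' "$hits"
        rc=1
    }
    return $rc
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
target=$(pick_dbxinit "$demo_dir" "${HOME:-/}")
audit_dbxinit "$target" || echo "review $target before starting dbx here"
rm -rf "$demo_dir"
```
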

4.4. Listing Source Code

If you invoked dbx on an objfile, you can list portions of your program, and
associated line numbers in the program’s source file. For example, consider the
program example.c, which you can see by typing:

    (dbx) list 1,12
        1  #include <stdio.h>
        2
        3  main()
        4  {
        5          printf("goodbye world!\n");
        6          dumpcore();
        7  }
        8
        9  dumpcore()
       10  {
       11          abort();
       12  }


If the range of lines starts past the end of file, dbx will tell you the program has
only so many lines; if the range of lines goes past the end of file, dbx will print
as many lines as it can, without complaining. You can also list just a single
procedure by typing its name instead of a range of lines; for example list main
prints ten lines starting near the top of the main() procedure.

4.5. Listing Active Procedures

If your program fails to execute properly, you probably want to find out the
procedures that were active when the program crashed. Use the where command,
like this:


    where [ n ]

where displays a list of the top n active procedures and functions on the stack,
and associated source file line number (if available). If n is not specified, all
active procedures are displayed.

When debugging a post-mortem dump of the example.c program above, dbx
prints the following:

    (dbx) where
    abort() at 0x80e5
    dumpcore(), line 12 in "example.c"
    main(0x1, 0xfffd84, 0xfffd8c), line 7 in "example.c"
    (dbx)

Three other commands useful for viewing the stack are:

up [n]

Move up the call stack (towards main) n levels. If n is not specified, the
default is one. This command allows you to examine the local variables in
functions other than the current one. In dbxtool, the line containing the
call that passes from the nth outer level to the (n-1)th is highlighted for one
second.

down [n]

Move down the call stack (towards the current stopping point) n levels. If n
is not specified, the default is one.

proc [process_id]

Specify for kernel debugging which user process is mapped into the u area
and hence has its kernel stack displayed by the where command. If no
argument is given, proc reports the process id of the process currently
mapped into the u area.

4.6. Naming and Displaying Data

print expression [, expression ...]

Print the values of specified expressions. An expression may involve function
calls if you are debugging an active process. If execution of a function
encounters a breakpoint, execution halts and the dbx command level is
reentered. A stack trace with the where command shows that the call
originated from the dbx command level.

Variables having the same name as one in the current function may be
referenced as funcname.variable, or filename.funcname.variable. The filename is
required if funcname occurs in several files or is identical to a filename. For
example, to access variable i inside routine a, which is declared inside
module a.c, you would have to use print a.a.i to make the name a
unambiguous. Use whereis to determine the fully qualified name of an
identifier. See dbx Scope Rules in Chapter 2 for more details.

display [expression [, expression ...]]

Display the values of the expressions each time execution of the debugged
program stops. The name qualification rules for print apply to display
as well. With no arguments, the display command prints a list of the
expressions currently being displayed, and a display number associated with
each expression. In dbxtool, the variable names and values are shown in
the display subwindow; in dbx they are printed automatically whenever
execution stops.

Revision: A of May 9, 1988

undisplay expression [, expression ...]

Stop displaying the expressions and their values each time execution of the
program being debugged stops. The name qualification rules for print
apply to undisplay as well. A numeric expression is interpreted as a
display number and the corresponding expression is deleted from the
display.

whatis identifier
whatis type

Print the declaration of the given identifier or type. The identifier may be
qualified with block names as above. The type argument is useful to print all
the members of a structure, union, or enumerated type.

which identifier

Print the fully qualified form of the given identifier; that is, the outer blocks
with which the identifier is associated.

whereis identifier

Print the fully qualified form of all symbols whose names match the given
identifier. The order in which the symbols are displayed is not meaningful.

assign variable = expression
set variable = expression

Assign the value of the expression to the variable. Currently no type
conversion takes place if operands are of different types.

set81 fpreg = word1 word2 word3

Treat the 96-bit value gotten by concatenating word1, word2, and word3 as
an IEEE floating-point value, and assign it to the named MC68881
floating-point register fpreg. Note that MC68881 registers can also be set with the
set command, but that the value is treated as double-precision and
converted to extended precision. This command applies to Sun-3 systems
only.

dump [func]

Display the names and values of all the local variables and parameters in
func. If not specified, the current function is used.

4.7. Setting Breakpoints

Breakpoints are set with the stop and when commands, which have the
following forms:

stop at source-line-number [if condition]

Stop execution at the given line number whenever the condition is true. If
condition is not specified, stop every time the line is reached.

stop in procedure/function [if condition]

Stop execution at the first line of the given procedure or function whenever
the condition is true. If condition is not specified, stop every time the line is
reached.

stop variable [if condition]

Stop execution whenever the value of variable changes and condition is true.
If condition is not specified, stop every time the value of variable changes.
This command performs interpretive execution, and thus is significantly
slower than most other commands.

stop if condition

Stop execution whenever condition becomes true. This command performs
interpretive execution, and thus is significantly slower than most other
commands.

when in procedure/function { command; ... }

Execute the given dbx command(s) whenever the specified procedure or
function is entered.

when at source-line-number { command; ... }

Execute the given dbx command(s) whenever the specified source-line-number
is reached.

when condition { command; ... }

Execute the given dbx command(s) whenever the condition is true before a
statement is executed. This command performs interpretive execution, and
thus is significantly slower than most other commands.

NOTE In the when commands, the braces and the semicolons between commands are
required.

The following commands can be used to view and change breakpoints:

status [> filename]

Display the currently active trace, stop, and when commands. A
command-number is listed for each command. The filename argument
causes the output of status to be sent to that file.

delete command-number [, command-number ...]
delete all

Remove the trace, when, and/or stop commands corresponding to the
given command-numbers, or all of them. The status command explained
above displays numbers associated with these commands.

clear source-line-number

Clear all breakpoints at the given source line number. If no source-line-number
is given, the current stopping point is used.

Two additional commands can be used to set a breakpoint when a signal is
detected by the program, rather than a condition or location.

catch [number [, number ...]]

Start trapping the signals with the given number(s) before they are sent to
the program being debugged. This is useful when a program handles signals
such as interrupts. Initially all signals are trapped except SIGHUP,
SIGCONT, SIGCHILD, SIGALRM, SIGKILL, SIGSTP, and SIGWINCH.
If no number is given, list the signals being caught.

ignore [number [, number ...]]

Stop trapping the signals with the given number(s) before they are sent to the
program being debugged. This is useful when a program handles signals
such as interrupts. If no number is given, list the signals being ignored.


4.8. Running and Tracing Programs

You can run and trace your code using the following commands:

run [args] [< filename] [> filename] [>> filename]

Start executing objfile, specified on the dbx command line (or with the most
recent debug command), passing args as command-line arguments; <, >,
and >> can be used to redirect input or output in the usual manner.
Otherwise, all characters in args are passed through unchanged. If no arguments
are specified, the argument list from the last run command (if any) is used.
If objfile has been written since the last time the symbolic information was
read in, dbx reads the new information before beginning execution.

rerun [args] [< filename] [> filename] [>> filename]

Identical to run, except in the case where no arguments are specified. In
that case run runs the program with the same arguments as on the last
invocation, whereas rerun runs it with no arguments at all.

cont [at source-line-number] [sig sig-number]

Continue execution from where it stopped, or, if the clause at
source-line-number is given, at that line number. The sig-number causes execution to
continue as if that signal had occurred. The source-line-number is evaluated
relative to the current file and must be within the current procedure/function.
Execution cannot be continued if the process has finished (that is, has called
the standard procedure _exit). dbx captures control when the process
attempts to exit, thereby letting the user examine the program state.

trace source-line-number [if condition]
trace procedure/function [if condition]
trace [in procedure/function] [if condition]
trace expression at source-line-number [if condition]
trace variable [in procedure/function] [if condition]

Display tracing information when the program is executed. A number is
associated with the trace command, and can be used to turn the tracing off
(see the delete command).

If no argument is specified, each source line is displayed before it is
executed. Execution is substantially slower during this form of tracing.

The clause in procedure/function restricts tracing information to be
displayed only while executing inside the given procedure or function. Note
that the procedure/function traced must be visible in the scope in which the
trace command is issued — see the func command.

The condition is a Boolean expression evaluated before displaying the
tracing information; the information is displayed only if condition is true.

The first argument describes what is to be traced. The effects of different
kinds of arguments are described below:



Table 4-2  Tracing and its Effects

source-line-number    Display the line immediately before executing it.
                      Source line numbers in a file other than the
                      current one must be preceded by the name of the
                      file in quotes and a colon, for example,
                      "mumble.p":17.

procedure/function    Every time the procedure or function is called,
                      display information telling what routine called it,
                      from what source line it was called, and what
                      parameters were passed to it. In addition, its
                      return is noted, and if it is a function, the return
                      value is also displayed.

expression            The value of the expression is displayed whenever
                      the identified source line is reached.

variable              The name and value of the variable are displayed
                      whenever the value changes. Execution is
                      substantially slower during this form of tracing.


Tracing is turned off whenever the function in which it was turned on is 
exited. For instance, if the program is stopped inside some procedure and 
tracing is invoked, the tracing will end when the procedure is exited. To 
trace the whole program, tracing must be invoked before a run command is 
issued. 



When using conditions with trace, stop, and when, remember that variable
names are resolved with respect to the scope current at the time the command is
issued (not the scope of the expression inside the trace, stop, or when
command). For example, if you are currently stopped in function foo() and you
issue the command

    stop in bar if x==5

the variable x refers to the x in function foo(), not in bar(). The func
command can be used to change the scope before issuing a trace, stop, or when
command, or the name can be qualified, for example, bar.x==5.

step [n]

Execute through the next n source lines and then stop. If n is not specified, it
is taken to be one. Step into procedures and functions.

next [n]

Execute through the next n source lines and then stop, counting functions as
single statements.

call procedure (parameters)

Execute the named procedure (or function), with the given parameters. If
any breakpoints are encountered, execution halts and the dbx command
level is reentered. A stack trace with the where command shows that the
call originated from the dbx command level.

If the source file in which the routine is defined was compiled with the -g
flag, the number and types of parameters must match. However, if C
routines are called that are not compiled with the -g flag, dbx does no
parameter checking. The parameters are simply pushed on the stack as given in the
parameter list. Currently, FORTRAN alternate return points are not passed
properly.

4.9. Accessing Source Files and Directories

These commands let you access source files and directories without exiting dbx:

edit [filename]
edit procedure/function

Invoke an editor on filename (or on the current source file if none is
specified). If a procedure or function name is specified, the editor is invoked
on the file that contains it. The default editor invoked is vi. Set the
environment variable EDITOR to the name of a preferred editor to override
the default. For dbxtool, the editor comes up in a new window.

file [filename]

Change the current source file to filename, or print the name of the current
source file if no filename is specified.

func [procedure / function / objfile]

Change the current function, or print the name of the current function if none
is specified. Changing the current function implicitly changes the current
source file variable file to the one that contains the function; it also
changes the current scope used for name resolution. If the global scope is
desired, the argument should be the objfile.

list [source-line-number [, source-line-number]]
list procedure/function

List the lines in the current source file from the first line number through the
second. If no lines are specified, the next 10 lines are listed. If the name of a
procedure or function is given, lines n-5 to n+5 are listed, where n is the
first statement in the procedure or function. If the list command's
argument is a procedure or function, the scope for further listing is changed to
that routine — use the file command to change it back. In dbxtool, the
region of the file is shown in the source window and extends from the first
line number to the end of the window.

use [directory ...]

Set the list of directories to search when looking for source files. If no
directory is given, print the current list of directories. Supplying a list of
directories replaces the current (possibly default) list. The list is searched from
left to right.
cd [dirname]

Change dbx's notion of the current directory to dirname. With no
argument, use the value of the HOME environment variable.

pwd

Print dbx's notion of the current directory.

/string[/]

Search downward in the current file for the regular expression string. The
search begins with the line immediately after the current line and, if
necessary, continues until the end of the file. The matching line becomes the
current line. In dbxtool, the matching line is highlighted for one second.

?string[?]

Search upward in the current file for the regular expression string. The
search begins with the line immediately before the current line and, if
necessary, continues until the top of the file. The matching line becomes the
current line. In dbxtool, the matching line is highlighted for one second.

When dbx searches for a source file, the value of file and the use directory
search path are used. The value of file is appended to each directory in the
use search path until a matching file is found. This file becomes the current file.

dbx knows the same filenames as were given to the compilers. For instance, if a
file is compiled with the command

    % cc -c -g ../mip/scan.c

then dbx knows the filename ../mip/scan.c, but not scan.c.

4.10. Machine-Level Commands

These commands are used to debug code at the machine level:

tracei [address] [if cond]
tracei [variable] [at address] [if cond]

Turn on tracing of individual machine instructions.

stopi [variable] [if cond]
stopi [at address] [if cond]

Set a breakpoint at the address of a machine instruction.

stepi
nexti

Single step as in step or next, but do a single machine instruction rather
than a line of source.

address, address / [mode]
address / [count] [mode]
+ / [count] [mode]

Display the contents of memory starting at the first address and continuing
up to the second address, or until count items have been displayed. If a + is
specified, the address following the one displayed most recently is used.

The mode specifies how memory is displayed; if omitted, the last specified
mode is used. The initial mode is X. The following modes are supported:


Mode    Does
i       display as a machine instruction
d       display as a halfword in decimal
D       display as a word in decimal
o       display as a halfword in octal
O       display as a word in octal
x       display as a halfword in hexadecimal
X       display as a word in hexadecimal
b       display as a byte in octal
c       display a byte as a character
s       display as a string of characters terminated by a null byte
f       display as a single-precision real number
g       display as a double-precision real number
E       display as an extended-precision real number


Symbolic addresses used in this context are specified by preceding a name with
an ampersand &. Registers are denoted by preceding a name with a dollar sign $.
Here is a list of MC680x0 register names:

Register     Name
$d0-$d7      data registers
$a0-$a7      address registers
$fp          frame pointer (same as $a6)
$sp          stack pointer (same as $a7)
$pc          program counter
$ps          program status

The following registers apply only to Sun-3s:

Register     Name
$fp0-$fp7    MC68881 data registers
$fpc         MC68881 control register
$fps         MC68881 status register
$fpi         MC68881 instruction address register
$fpf         MC68881 flags (unused, idle, busy)
$fpg         MC68881 floating-point signal type

For example, to print the contents of the data and address registers in hex on a
Sun-2 or Sun-3, type &$d0/16X or &$d0,&$a7/X. To print the contents of
register d0, type print $d0 (one cannot specify a range with print).
Addresses may be expressions made up of other addresses and the operators +
(plus), - (minus), * (multiply), and indirection (unary *). The address may be a
+ alone, which causes the next location to be displayed.

See the SPARC Architecture Reference Manual and the Sun-4 Assembly
Language Reference Manual for information about Sun-4 registers and
addressing.

Here is the list of Sun386i registers:

Register     Name
$ss          stack segment register
$eflags      flags
$cs          code segment register
$eip         instruction pointer
$eax         general register
$ebx         general register
$ecx         general register
$edx         general register
$esp         stack pointer
$ebp         frame pointer
$esi         source index register
$edi         destination index register
$ds          data segment register
$es          alternate data segment register
$fs          alternate data segment register
$gs          alternate data segment register

On the Sun386i, to print the contents of the data and address registers in hex,
type &$eax/16X or &$eax,&$edi/X. To print the contents of register
eax, type print $eax.


You can also access parts of the Sun386i registers. Specifically, the lower halves
(16 bits) of these registers have separate names, as follows:

Register     Name
$ax          general register
$cx          general register
$dx          general register
$bx          general register
$sp          stack pointer
$bp          frame pointer
$si          source index register
$di          destination index register
$ip          instruction pointer, lower 16 bits
$flags       flags, lower 16 bits


Furthermore, the first four of these 16-bit registers can be split into two 8-bit
parts, as follows:

Register     Name
$al          lower (right) half of register $ax
$ah          higher (left) half of register $ax
$cl          lower (right) half of register $cx
$ch          higher (left) half of register $cx
$dl          lower (right) half of register $dx
$dh          higher (left) half of register $dx
$bl          lower (right) half of register $bx
$bh          higher (left) half of register $bx


The registers for the Sun386i math coprocessor are the following:

Register       Name
$fctrl         control register
$fstat         status register
$ftag          tag register
$fip           instruction pointer offset
$fcs           code segment selector
$fopoff        operand pointer offset
$fopsel        operand pointer selector
$st0 - $st7    data registers


4.11. Miscellaneous Commands

sh command-line

Pass the command line to the shell for execution. The SHELL environment
variable determines which shell is used.

alias new-command-name character-sequence

Respond to new-command-name as though it were character-sequence.
Special characters occurring in character-sequence must be enclosed in double
quotation marks. Alias substitution as in the C shell also occurs. For
example, !:1 refers to the first argument. The command

    alias mem "print (!:1)->mem1->mem2"

creates a mem command that takes an argument, evaluates its mem1->mem2
field, and prints the result.

help [command]
help

Print a short message explaining command. If no argument is given, display
a synopsis of all dbx commands.

source filename

Read dbx commands from the given filename. This is especially useful
when that file was created by redirecting a status command from an
earlier debugging session.

quit

Exit dbx. 



dbxenv
dbxenv stringlen num
dbxenv case [sensitive | insensitive]
dbxenv speed seconds

Set dbx attributes. The dbxenv command with no argument prints the
attributes and their current values. The keyword stringlen controls the
maximum number of characters printed for a char * variable in a C
program (default 512). The keyword case controls whether upper and lower
case letters are considered different. The default is sensitive;
insensitive is most useful for debugging FORTRAN programs. The keyword
speed determines the interval between execution of source statements
during tracing (default 0.5 seconds).

debug [-k] [objfile [corefile / process-id]]

Terminate debugging of the current program (if any), and begin debugging
the one found in objfile with the given corefile or live process, without
incurring the overhead of reinitializing dbx. If no arguments are specified, the
name of the program currently being debugged and its arguments are
printed. The -k flag specifies kernel debugging. You must have both the
objfile and corefile or live process available to perform debugging.

kill

Terminate debugging of the current process and kill the process, but leave
dbx ready to debug another. This can eliminate remains of a window
program you were debugging without exiting the debugger, or allow the object
file to be removed and remade without incurring a "text file busy" error
message.

detach

Detach a process from dbx and let it continue to execute. The process is no
longer under the control of dbx.

setenv name string

Set the environment variable name to the value of string. (See csh(1)).


4.12. Debugging Processes that Fork

Debugging a process that creates a new process (using fork(2)) introduces unique
problems. dbx uses ptrace(2) to fetch from and store into the program being
debugged.

After a fork, there are two processes sharing the same text (code) space. The
kernel does not allow ptrace() to write into a text space that is being used by
more than one process. This means that the debugged program must not
encounter any breakpoints while the child of the fork is still sharing its text
space. In most cases, the child of the fork spawns a new program almost
immediately, using exec(2). After the exec(), it is safe for the debugged
program to encounter breakpoints. Therefore, it is recommended that a sleep(3) of
two or three seconds be placed in the debugged code immediately after the fork.
This gives the child of the fork time to execute a new program and get out of the
way.
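The following C sketch shows the pattern recommended above: fork, exec in the child at once, and a short pause in the parent before any line that may carry a breakpoint. It is an added example, not code from the manual; the function names and the FORK_SETTLE_SECONDS environment variable are assumptions made for illustration, chosen so that the delay is paid only in debugging runs.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Read the settle delay from the environment so the pause exists only when
 * debugging. FORK_SETTLE_SECONDS is a hypothetical name chosen for this
 * example; a value that is unset, malformed or outside 0..10 means no delay.
 */
unsigned settle_delay_from_env(void)
{
    const char *s = getenv("FORK_SETTLE_SECONDS");
    char *end;
    long v;

    if (s == NULL || *s == '\0')
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v < 0 || v > 10)
        return 0;
    return (unsigned)v;
}

/*
 * Wait for one child, retrying if a signal interrupts the wait.
 * Returns the exit status, or -1 if the child did not exit normally.
 */
static int reap_child(pid_t pid)
{
    int status;

    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/*
 * Fork a child that exec()s argv[0] immediately, then pause in the parent
 * for settle_seconds. Until the child has exec'd, parent and child share
 * one text space, so no breakpoint should sit between fork() and the end
 * of the pause. Returns the child's exit status (127 if the exec failed),
 * or -1 on error.
 */
int spawn_and_settle(char *const argv[], unsigned settle_seconds)
{
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: replace the shared text image as soon as possible. */
        execv(argv[0], argv);
        _exit(127);
    }

    /* Parent (the process under the debugger): let the child get out of the way. */
    if (settle_seconds > 0)
        sleep(settle_seconds);

    /* First line in the parent on which a breakpoint is safe. */
    return reap_child(pid);
}

int main(void)
{
    char *const argv[] = { "/bin/sh", "-c", "exit 7", NULL };

    printf("child exit status: %d\n",
           spawn_and_settle(argv, settle_delay_from_env()));
    return 0;
}
```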
4.13. dbx FPA Support

Release of the Floating Point Accelerator (FPA) for Sun-3 systems also
necessitated some changes to dbx, in order to support debugging of programs that use
the FPA. Here are changes made to dbx in Release 3.1 and later:

1. There is a new fpaasm debugger variable to control disassembly of FPA
instructions. This variable may be set or displayed using the dbxenv
command, for which the syntax is:



If the value of fpaasm is off, all FPA instructions are disassembled as
moves. If the value is on, FPA instructions are disassembled with FPA
assembler mnemonics. Defaults: on a machine with an FPA, fpaasm is
initially set to on; on machines without an FPA, it is initially set to off.

2. The fpabase debugger variable has been added. It designates a 68020
address register for FPA instructions that use base+short displacement
addressing to address the FPA. The syntax is:

    dbxenv fpabase <a[0-7]|off>

If FPA disassembly is disabled (if fpaasm is off) its value is ignored.
Otherwise, its value is interpreted as follows:

value in [a0..a7]:

Long move instructions that use the designated address register in
base+short displacement mode are assumed to address the FPA, and are
disassembled using FPA assembler mnemonics. Note that this is
independent of the actual run-time value of the register.

value = off:

All based-mode FPA instructions are disassembled
and single-stepped as move instructions.

The default value of fpabase is off, which designates no FPA base
register.

3. The FPA registers $fpa0..$fpa31 are recognized and can be used in
arithmetic expressions or modified in set commands. This extension only
applies on a machine with an FPA. Note that if an FPA register is used in an
expression or assignment, its type is assumed to be double precision.

4. FPA registers can be displayed in single precision using the /f display
format. Double precision values are displayed using the /F display format.

NOTE Note that FPA support does not apply to the Sun386i.
4.14. Example of FPA Disassembly

Consider the following simple FORTRAN program:



Assume that this program has been compiled with the -g option into the file
example. On a Sun-3 with an FPA, we could disassemble the function f as
shown below. Note that the FORTRAN intrinsic ATAN is directly supported by
the FPA instruction set and the FORTRAN compiler.

    % dbx a.out
    (dbx) stop in f
    (1) stop in f
    (dbx) run
    Running: a.out
    stopped in f at line 5 in file "example.f"
        5           f = atan(x/y)
    (dbx) &$pc/8i
    f+0x12:     movl    a6@(0xc),a0
    f+0x16:     fpmoves a0@,fpa0
    f+0x1c:     movl    a6@(0x8),a0
    f+0x20:     fprdivs a0@,fpa0
    f+0x26:     fpmoves fpa0,a6@(-0xc)
    f+0x2e:     fpmoves a6@(-0xc),fpa1
    f+0x36:     fpatans fpa1,fpa1
    f+0x40:     fpmoves fpa1,a6@(-0x8)

FPA disassembly can be disabled by setting the debugger variable fpaasm to
off. This causes dbx to disassemble FPA instructions as long moves to
addresses on the FPA page:

    (dbx) dbxenv fpaasm off
    (dbx) &f+0x12/10i
    f+0x12:     movl    a6@(0xc),a0
    f+0x16:     movl    a0@,0xe0000c00:l
    f+0x1c:     movl    a6@(0x8),a0
    f+0x20:     movl    a0@,0xe0000600:l
    f+0x26:     movl    0xe0000e00:l,a6@(-0xc)
    f+0x2e:     movl    a6@(-0xc),0xe0000c08:l
    f+0x36:     movl    #0x41,0xe0000818:l
    f+0x40:     movl    0xe0000e08:l,a6@(-0x8)

When tracing a more complex program, one may occasionally want to step into a
routine that has been compiled with optimization on. In such routines, it is often
the case that the compiled code addresses the FPA page by using base+short
offset addressing. Such code can be difficult to recognize unless it is known
ahead of time that a particular address register is being used to address the FPA.
This situation can be identified by the presence of an instruction that loads the
address of the FPA page (0xe0000000) into an address register before doing any
floating-point arithmetic.

For example, here is a disassembly of the beginning of an optimized FORTRAN
routine compiled with the -O and -ffpa options:

    (dbx) &ddot_/7i
    ddot_:          link    a6,#-0x2a0
    ddot_+0x4:      moveml  #<d2,d3,d4,d5,d6,d7,a2,a3,a4,a5>,sp@
    ddot_+0x8:      lea     e0000000:l,a2
    ddot_+0xe:      movl    a2@(0xe20),a6@(-0x278)
    ddot_+0x14:     movl    a2@(0xe24),a6@(-0x274)
    ddot_+0x1a:     movl    a2@(0xe28),a6@(-0x270)
    ddot_+0x20:     movl    a2@(0xe2c),a6@(-0x26c)

dbx does not know which register (if any) is being used to address the FPA in a
given sequence of machine code. However, you may set the dbxenv variable
fpabase to designate an MC68020 address register as an FPA base register. In
this example, we note that the compiler has loaded the address of the FPA page
into register a2, and so we designate a2 as the FPA base register to obtain the
following:

    (dbx) dbxenv fpabase a2
    (dbx) &ddot_/7i
    ddot_:          link    a6,#-0x2a0
    ddot_+0x4:      moveml  #<d2,d3,d4,d5,d6,d7,a2,a3,a4,a5>,sp@
    ddot_+0x8:      lea     e0000000:l,a2
    ddot_+0xe:      fpmoved@2 fpa4,a6@(-0x278)
    ddot_+0x1a:     fpmoved@2 fpa5,a6@(-0x270)
    ddot_+0x26:     fpmoved@2 204ce:l,fpa5
    ddot_+0x36:     fpmoved@2 204ce:l,fpa4


4.15. Examples of FPA Register Use

FPA data registers can be displayed using a syntax similar to that used for the
MC68881 co-processor registers. Note that unlike the MC68881 registers, FPA
registers may contain either single-precision (32-bit) or double-precision (64-bit)
values; MC68881 registers always contain an extended-precision (96-bit) value.

For example, if fpa0 contains the single-precision value 2.718282, we may
display it as follows:

    (dbx) &$fpa0/f
    fpa0    0x402df855    +2.718282e+00

Note that the value is displayed in hexadecimal as well as in floating point
notation.

A double-precision value may be displayed using the /F format. For example, if
fpa0 contains the double-precision value 2.718281828, we may display it as
follows:

    (dbx) &$fpa0/F
    fpa0    0x4005bf0a 0x8b04919b    +2.71828182800000e+00

Note that it is important to use the correct display format; attempting to display a
double-precision value in single precision (and vice versa) will usually produce
meaningless results.

FPA registers can also be used in set commands and in arithmetic expressions.
Since dbx cannot tell whether the value in an FPA register is single or double
precision, dbx provides two sets of names to refer to FPA registers. The names
{$fpa0..$fpa31} always cause the contents of the register to be interpreted
as a double precision value; the names {$fpa0s..$fpa31s} cause
interpretation as a single precision value. Thus, the commands

    (dbx) set $fpa0s = 1.0
    (dbx) set $fpa0 = 1.0

cause different bit patterns to be stored in fpa0.
adb Tutorial

5.1. A Quick Survey

Available on most UNIX systems, adb is a debugger that permits you to examine
core files resulting from aborted programs, display output in a variety of
formats, patch files, and run programs with embedded breakpoints. This document
provides examples of the more useful features of adb. The reader is expected to
be familiar with basic SunOS commands, and with the C language.

NOTE This chapter describes adb use on Sun-2, -3, and Sun-4s only. Chapter 6
describes adb use on the Sun386i.


Starting adb

Start adb with a shell command of the form



where objectfile is an executable SunOS file and corefile is a core dump file. If
the object file is named a.out, then the invocation is



If you place object files into a named program, then the invocation is 



The filename minus (-) means ignore the argument, as in: 



This is for examining the core file without reference to an object file. The adb 
program provides requests for examining locations in either file: ? examines the 
contents of objectfile, while / examines the contents of corefile. The general 
form of these requests is: 
address / format

Current Address

adb maintains a current address, called dot. When an address is entered, the
current address is set to that location, so that



displays 10 decimal numbers starting at dot. Dot ends up referring to the address
of the last item displayed. When used with the ? or / requests, the current
address can be advanced by typing newline; it can be decremented by typing ^.

Addresses are represented by expressions. Expressions are made up of decimal
integers, octal integers, hexadecimal integers, and symbols from the program
under test. These may be combined with the operators + (plus), - (minus), *
(multiply), % (integer divide), & (bitwise and), | (bitwise inclusive or), # (round
up to the next multiple), and ~ (not). All arithmetic within adb is 32 bits. When
typing a symbolic address for a C program, you can type name. On a Sun-2,
Sun-3, or Sun-4 you could alternatively type _name; adb recognizes both
forms on these systems, only the first on Sun386i.

Formats

To display data, specify a collection of letters and characters to describe the
format of the display. Formats are remembered, in the sense that typing a request
without a format displays the new output in the previous format. Here are the
most commonly used format letters:
Table 5-1 Some adb Format Letters

Letter  Description
b       one byte in octal
B       one byte in hex
c       one byte as a character
o       one word in octal
d       one word in decimal
f       one long word in single-precision floating point
i       MC68000 instruction on Sun-2 and Sun-3, SPARC instruction on Sun-4,
        and 80386 instruction on Sun386i.
s       a null terminated character string
a       the value of dot
u       one word as an unsigned integer
n       print a newline
r       print a blank space
^       backup dot (not really a format)
+       advance dot (not really a format)

Format letters are also available for long values: for example, D for long
decimal, and F for double-precision floating point. Since integers are long-words
on the Sun-2 and Sun-3, capital letters are used more often than not. For other
formats see Chapter 7.

General Command Meanings

The general form of a command is:

[address] [, count] command [modifier]

which sets dot to address and executes command count times. The following
table illustrates some general adb command meanings:

Table 5-2 Some adb Commands

Command Meaning
?       Print contents from a.out file
/       Print contents from core file
=       Print value of "dot"
:       Breakpoint control
$       Miscellaneous requests
;       Request separator
!       Escape to shell

Since adb catches signals, a user cannot use a quit signal to exit from adb. The
request $q or $Q (or CTRL-D) must be used to exit from adb.
5.2. Debugging C Programs

Debugging A Core Image

If you use adb because you are accustomed to it, you will want to compile
programs with the -go or -g option, to produce old-style symbol tables. This will
make debugging proceed according to expectations. If you don't compile
programs with -go (or -g), and the -O option is set, the object code will be
optimized, and may not so readily be understood as the same thing that was
written in the source file.



Consider the C program below, which illustrates a common error made by C
programmers. The object of the program is to change the lower case t to an upper
case T in the string pointed to by cp, and then write the character string to the
file indicated by the first argument.

#include <stdio.h>

char *cp = "this is a sentence.";

main(argc, argv)
int argc;
char **argv;
{
        FILE *fp;
        char c;

        if (argc == 1) {
                fprintf(stderr, "usage: %s file\n", argv[0]);
                exit(1);
        }
        if ((fp = fopen(argv[1], "w")) == NULL) {
                perror(argv[1]);
                exit(2);
        }
        cp = 'T';       /* the bug: the character goes into the pointer itself */
        while (c = *cp++)
                putc(c, fp);
        fclose(fp);
        exit(0);
}

The bug is that the character T is stored in the pointer cp instead of in the string
pointed to by cp. Compile the program as follows:

% cc -go example1.c
% a.out junk
Segmentation fault (core dumped)

Executing the program produces a core dump caused by an illegal memory
reference. Now invoke adb by typing:

% adb
core file = core — program "a.out"
memory fault
Commonly the first debugging request given is

$c
_main[8074](2,fffd7c,fffd88) + 92

which produces a C backtrace through the subroutines called. The output from
adb tells us that only one function — main — was called, and the arguments
argc and argv have the hexadecimal values 2 and fffd7c respectively. Both
these values look reasonable — 2 indicates two arguments, and fffd7c equals
the stack address of the parameter vector. The next request:

$C
_main[8074](2,fffd7c,fffd88) + 92
        fp:     10468
        c:      104

generates a C backtrace plus an interpretation of all the local variables in each
function, and their values in hexadecimal. The value of the variable c looks
incorrect since it is outside the ASCII range. The request


$r
d0      54      frame+24
d1      77      frame+47
d2      2       manl
d3      0       exp
d4      0       exp
d5      0       exp
d6      0       exp
d7      0       exp
a0      54      frame+24
a1      0       exp
a2      0       exp
a3      fffd7c
a4      fffd88
a5      0       exp
a6      fffd64
sp      fffd5c
pc      8106    main+92
ps      0       exp
main+92:        ???

displays the registers, including the program counter, and an interpretation of the
instruction at that location. The request


$e
_environ:               fffd88
_sys_nerr:              48
_ctype_:                202020
_exit_nhandlers:        0
_exit_tnames:           9b06

displays the values of all external variables.

A map exists for each file handled by adb. The map for a.out files is
referenced by ? whereas the map for core files is referenced by /. Furthermore, a
good rule of thumb is to use ? for instructions and / for data when looking at
programs. To display information about maps, type:

$m
? map 'a.out'
b1 = 2000       e1 = b000       f1 = 800
b2 = 10000      e2 = 11000      f2 = 3800
/ map 'core'
b1 = 10000      e1 = 13000      f1 = 1800
b2 = fff000     e2 = 1000000    f2 = 4800

This produces a report of the contents of the maps. More about these maps later.


In our example, we might want to see the contents of the string pointed to by cp.
We would want to see the string pointed to by cp in the core file:



Because the pointer was set to 'T' (hex 54) and then incremented, it now equals
hex 55. On the Sun-2 and Sun-3, there are no symbols below address 2000 (8000
on a Sun-2), so the data address 55 cannot be found. We could also display
information about the arguments to a function. To get the decimal value of the
argc argument to main, which is a long integer, type:



To display the hex values of the three consecutive cells pointed to by argv in
the function main, type:



Note that these values are the addresses of the arguments to main. Therefore,
typing these hex values should yield the command-line arguments:



displays the current address (not its contents) in hex, which has been set to the
address of the first argument. The current address, dot, is used by adb to
remember its current location. It allows the user to reference locations relative to
the current address. For example



prints the first command-line argument.


Setting Breakpoints

Set breakpoints in a program with the :b instruction, which has this form:



Consider the C program below, which changes tabs into blanks, and is adapted
from Software Tools by Kernighan and Plauger, pp. 18-27.

                        col++;
                        break;
                case '\n':
                        putchar('\n');
                        col = 1;
                        break;
                default:
                        putchar(c);
                        col++;
                }
        }
        exit(0);
}

tabpos(col)     /* return YES if col is a tab stop, NO if not */
int col;
{
        if (col > MAXLIN)
                return(YES);
        else
                return(tabs[col]);
}

settab(tabp)    /* set initial tab stops every TABSP spaces */
int *tabp;
{
        int i;

        for (i = 0; i <= MAXLIN; i++)
                (i % TABSP) ? (tabs[i] = NO) : (tabs[i] = YES);
}

Run the program under the control of adb, and then set four breakpoints as
follows:

% adb a.out -
settab:b
tabpos:b

This sets breakpoints at the start of the two functions. Sun compilers generate
statement labels only with the -g option, which is incompatible with adb.
Therefore it is impossible to plant breakpoints at locations other than function
entry points using adb. To display the location of breakpoints, type:



A breakpoint is bypassed count-1 times before causing a stop. The command
field indicates the adb requests to be executed each time the breakpoint is
encountered. In this example no command fields are present.

Display the instructions at the beginning of function settab() in order to
observe that the breakpoint is set after the link assembly instruction:

settab,5?ia
_settab:
_settab:        link    a6,#0
_settab+4:      addl    #-4,a7
_settab+a:      moveml  #<>,sp@
_settab+e:      clrl    a6@(-4)
_settab+12:     cmpl    #50,a6@(-4)
_settab+1a:

This request displays five instructions starting at settab with the address of
each location displayed.

Another variation is

settab,5?i
_settab:
_settab:        link    a6,#0
                addl    #-4,a7
                moveml  #<>,sp@
                clrl    a6@(-4)
                cmpl    #50,a6@(-4)

which displays the instructions with only the starting address. Note that we
accessed the addresses from a.out with the ? command. In general, when
asking for a display of multiple items, adb advances the current address the number
of bytes necessary to satisfy the request; in the above example, five instructions
were displayed and the current address was advanced 26 bytes.


To run the program, type: 



To delete a breakpoint, for instance the entry to the function tabpos(), type:

tabpos:d

Once the program has stopped, in this case at the breakpoint for settab(),
adb requests can be used to display the contents of memory. To display a stack
trace, for example, type:

$c
_settab[8250](10658) + 4
_main[8074](1,fffd84,fffd8c) + 1a

And to display three lines of eight locations each from the array called tabs,
type:

tabs,3/8x
_tabs:
_tabs:  0       0       0       0       0       0       0       0
        0       0       0       0       0       0       0       0
        0       0       0       0       0       0       0       0

At this time (at location settab) the tabs array has not yet been initialized. If
you just deleted the breakpoint at tabpos, put it back by typing:

tabpos:b

To continue execution of the program from the breakpoint type:



You will need to give the a.out program a line of data, as in the figure above.
Once you do, it will encounter a breakpoint at tabpos+4 and stop again.
Examine the tabs array once more: now it is initialized, and has a one set in
every eighth location:

tabs,3/8X
_tabs:
_tabs:  1       0       0       0       0       0       0       0
        1       0       0       0       0       0       0       0
        1       0       0       0       0       0       0       0

You will have to type :c eight more times in order to get your line of output,
since there is a breakpoint at every input character. Type CTRL-D to terminate
the a.out process; you are back in command-level of adb.

Advanced Breakpoint Usage

The quit and interrupt signals act on adb itself, rather than on the program being
debugged. If such a signal occurs, then the program being debugged is stopped
and control is returned to adb. The signal is saved by adb and passed on to the
test program if you type:

:c 0

Now let's reset the breakpoint at settab() and display the instructions located
there when we reach the breakpoint. This is accomplished by:

settab+4:b settab,5?ia
_settab:
_settab:        link    a6,#0
_settab+4:      addl    #-4,a7
_settab+a:      moveml  #<>,sp@
_settab+e:      clrl    a6@(-4)
_settab+12:     cmpl    #50,a6@(-4)
_settab+1a:
breakpoint      _settab+4:      addl    #-4,a7

It is possible to stop every two breakpoints, if you type ,2 before the breakpoint
command. Variables can also be displayed at the breakpoint, as illustrated
below:



This shows that the local variable col changes from 1 to 2 before the occurrence
of the breakpoint.

WARNING Setting a breakpoint causes the value of dot to be changed. However,
executing the program under adb does not change the value of dot.


A breakpoint can be overwritten without first deleting the old breakpoint. For 
example: 


settab+4:b main.ptab/X; main.c/X 

: X 

fffd68: 10658 

fffd60: 0 

breakpoint _settab+4: addl #-4,a7 


The semicolon is used to separate multiple adb requests on a single line. 

Other Breakpoint Facilities

Arguments and change of standard input and output are passed to a program as
follows. This request kills any existing program under test and starts a.out
afresh:

:r arg1 arg2 ... <infile >outfile

The program being debugged can be single stepped as follows. If necessary, this
request starts up the program being debugged and stops after executing the first
instruction:



You can enter a program at a specific address by typing:

address:r

The count field can be used to skip the first n breakpoints, as follows:



This request may also be used for skipping the first n breakpoints when
continuing a program:

,n:c

A program can be continued at an address different from the breakpoint by:



The program being debugged runs as a separate process, and can be killed by:
5.3. File Maps

SunOS supports several executable file formats. Executable type 407 is
generated by the cc (or ld) flag -N. Executable type 410 is generated by the flag
-n. An executable type 413 is generated by the flag -z; the default is type 413.
adb interprets these different file formats, and provides access to the different
segments through a set of maps. To display the maps, type $m from inside adb.

407 Executable Files

In 407-format files, instructions and data are intermixed. This makes it
impossible for adb to differentiate data from instructions, but adb will display in either
format. Furthermore, some displayed symbolic addresses look incorrect (for
example, data addresses as offsets from routines). Here is a picture of
407-format files:

[Figure 5-1 Executable File Type 407: diagram of the a.out and core files;
surviving labels: hdr, text + data, stack]

Here are the maps and variables for 407-format files:

$m
? map 'a.out'
b1 = 2000       e1 = 8f28       f1 = 20
b2 = 8000       e2 = 9560       f2 = 20
/ map 'core'
b1 = 8000       e1 = b800       f1 = 1800
b2 = fff000     e2 = 1000000    f2 = 5000
$v
variables
b = 0100000
d = 03070
e = 0407
m = 0407
s = 010000
t = 07450
410 Executable Files

In 410-format files (pure executable), instructions are separate from data. The ?
command accesses the data part of the a.out file, telling adb to use the second
part of the map in that file. Accessing data in the core file shows the data after
it was modified by the execution of the program. Notice also that the data
segment may have grown during program execution. Here is a picture of 410-format
files:

[Figure 5-2 Executable File Type 410: diagram of the a.out file (hdr, text, data)
and the core file (hdr, data, stack)]

Here are the maps and variables for 410-format files:

$m
? map 'a.out'
b1 = 2000       e1 = 8f28       f1 = 20
b2 = 10000      e2 = 10638      f2 = f48
/ map 'core'
b1 = 10000      e1 = 12800      f1 = 1800
b2 = fff000     e2 = 1000000    f2 = 4000
$v
variables
b = 0200000
d = 03070
e = 0410
m = 0410
s = 010000
t = 07450
413 Executable Files

In 413-format files (pure demand-paged executable) the instructions and data are
also separate. However, in this case, since data is contained in separate pages,
the base of the data segment is also relative to address zero. In this case, since
the addresses overlap, it is necessary to use the ?* operator to access the data
space of the a.out file. In both 410 and 413-format files the corresponding
core file does not contain the program text. Here is a picture of 413-format
files:

[Figure 5-3 Executable File Type 413: diagram of the a.out and core files;
surviving labels: hdr, data, stack]

The only difference between a 410 and a 413-format file is that 413-format
segments are rounded up to page boundaries. Here are the maps and variables for
413-format files:

$m
? map 'a.out'
b1 = 2000       e1 = 9000       f1 = 800
b2 = 10000      e2 = 10800      f2 = 1800
/ map 'core'
b1 = 10000      e1 = 12800      f1 = 1800
b2 = fff000     e2 = 1000000    f2 = 4000
$v
variables
b = 0200000
d = 04000
e = 0413
m = 0413
s = 010000
t = 010000

NOTE In the example above, b1 = 2000 would be b1 = 8000 for a Sun-2.

Variables

The b, e, and f fields are used to map addresses into file addresses. The f1 field
is the length of the header at the beginning of the file — 020 bytes for an a.out
file and 02000 bytes for a core file. The f2 field is the displacement from the
beginning of the file to the data. For a 407-format file with mixed text and data,
this is the same as the length of the header; for 410-format and 413-format files,
this is the length of the header plus the size of the text portion. The b and e fields
are the starting and ending locations for a segment. Given the address A, the
location in the file (either a.out or core) is calculated as:
5.4. Advanced Usage

Formatted Dump

b1<A<e1         file address = (A-b1)+f1
b2<A<e2         file address = (A-b2)+f2

You can access locations by using the adb-defined variables. The $v request
displays the variables initialized by adb:

b       base address of data segment,
d       length of the data segment,
s       length of the stack,
t       length of the text,
m       execution type (407, 410, 413).

Those variables not presented are zero. Use can be made of these variables by
expressions such as

<b

in the address field. Similarly, the value of a variable can be changed by an
assignment request such as

02000>b

which sets b to octal 2000. These variables are useful to know if the file under
examination is an executable or core image file.



The adb program reads the header of the core image file to find the values for 
these variables. If the second file specified does not seem to be a core file, or if it 
is missing, then the header of the executable file is used instead. 
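
The file-address calculation given above can be checked by hand against any $m listing. The following C program is an added example, not part of the original manual: the structure and function names are assumptions, the map values are the ones printed by $m in the core-image example earlier in this chapter, and the bounds test treats b as inclusive and e as exclusive, which is an assumption about the comparison the formula intends.

```c
#include <stdint.h>
#include <stdio.h>

/* One map as printed by the $m request: two (b, e, f) triples. */
struct adb_map {
    const char *file;
    uint32_t b1, e1, f1;    /* first triple: begin, end, file offset */
    uint32_t b2, e2, f2;    /* second triple */
};

/* Hexadecimal values copied from the $m listing of the core-image example. */
static const struct adb_map AOUT_MAP =
    { "a.out", 0x2000, 0xb000, 0x800, 0x10000, 0x11000, 0x3800 };
static const struct adb_map CORE_MAP =
    { "core", 0x10000, 0x13000, 0x1800, 0xfff000, 0x1000000, 0x4800 };

enum adb_seg { ADB_SEG_NONE = 0, ADB_SEG_FIRST = 1, ADB_SEG_SECOND = 2 };

/*
 * Translate address a into an offset in the mapped file.
 * second_only models the starred request forms (? or / followed by *),
 * which consult only the second triple of the map.
 * Returns which triple matched, or ADB_SEG_NONE when the address is not
 * covered by the map, in which case *file_off is left untouched.
 */
enum adb_seg adb_translate(const struct adb_map *m, uint32_t a,
                           int second_only, uint32_t *file_off)
{
    if (!second_only && a >= m->b1 && a < m->e1) {
        *file_off = (a - m->b1) + m->f1;
        return ADB_SEG_FIRST;
    }
    if (a >= m->b2 && a < m->e2) {
        *file_off = (a - m->b2) + m->f2;
        return ADB_SEG_SECOND;
    }
    return ADB_SEG_NONE;
}

static void show(const struct adb_map *m, uint32_t a, int second_only)
{
    uint32_t off = 0;
    enum adb_seg seg = adb_translate(m, a, second_only, &off);

    if (seg == ADB_SEG_NONE)
        printf("%-5s %8x  not mapped\n", m->file, (unsigned)a);
    else
        printf("%-5s %8x  triple %d, file offset %x\n",
               m->file, (unsigned)a, (int)seg, (unsigned)off);
}

int main(void)
{
    show(&CORE_MAP, 0x55, 0);       /* the clobbered pointer cp: not found */
    show(&CORE_MAP, 0x10468, 0);    /* value of fp, in the data segment */
    show(&CORE_MAP, 0xfffd7c, 0);   /* argv, on the stack */
    show(&AOUT_MAP, 0x8074, 0);     /* main, in the text of a.out */
    show(&AOUT_MAP, 0x10468, 1);    /* data in a.out via the starred form */
    return 0;
}
```

The first call reproduces the failure seen in the core-image example: address 55 lies outside both triples of the core map, so there is no file offset to read from.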


One of the uses of adb is to examine object files without symbol tables since 
dbx cannot handle this kind of task. 

With adb, you can combine formatting requests to provide elaborate displays. 
Several examples are given below. 


The following adb command line displays four octal words followed by their
ASCII interpretation from the data space of the core file:

<b,-1/4o4^8Cn

Broken down, the various requests mean:

<b      The base address of the data segment.

<b,-1   Print from the base address to the end-of-file. A negative count is used
        here and elsewhere to loop indefinitely or until some error condition
        (like end-of-file) is detected.

The format 4o4^8Cn is broken down as follows:

4o      Print 4 octal locations.

4^      Back up the current address 4 locations (to the original start of the
        field).

8C      Print 8 consecutive characters using an escape convention; each
        character in the range 0 to 037 is displayed as @ followed by the
        corresponding character in the range 0140 to 0177. An @ is displayed as @@.

n       Print a newline.

The following request could have been used instead to allow the displaying to
stop at the end of the data segment. (The request <d provides the data segment
size in bytes.)



Because adb can read in scripts, you can use formatting requests to produce
image dump scripts. Invoke adb as follows:



This reads in a script file, dump, containing formatting requests. Here is an
example of such a script:



The request 120$w sets the width of the output to 120 characters (normally, the
width is 80 characters). adb attempts to display addresses as:



The request 4095$s increases the maximum permissible offset to the nearest
symbolic address from the default 255 to 4095. The request = can be used to
display literal strings. Thus, headings are provided in this dump program with
requests of the form:

Accounting File Dump

Converting Values

=3n"C Stack Backtrace"

This spaces three lines and displays the literal string. The request $v displays all
non-zero adb variables. The request 0$s sets the maximum offset for symbol
matches to zero, thus suppressing the display of symbolic labels in favor of octal
values. Note that this is only done for displaying the data segment. The request

<b,-1/8ona

displays a dump from the base of the data segment to the end-of-file with an octal
address field and 8 octal numbers per line.


As another illustration, consider a set of requests to dump the contents of
/etc/utmp or /usr/adm/wtmp, both of which are composed of 8-character
terminal names, 8-character login names, 16-character host names, and a 4-byte
integer representing the login time.

% adb /etc/utmp -
0,-1?cccccccc8tcccccccc8tcccccccccccccccc16tYn

The c format is repeated 8 times, 8 times, and 16 times. The 8t means go to
align on an 8-character-position boundary, and 16t means to align on a
16-character-position boundary. Y causes the 4-byte integer representing the login
time to print in ctime(3) format.
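
The same record layout can be decoded outside adb, for instance when login records are collected for review on another machine. The following C program is an added example, not part of the original manual: the function and type names are assumptions, the time field is read most-significant byte first (an assumption matching the MC68000 and SPARC machines this chapter covers), and the sample bytes are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Field widths as described above: 8 + 8 + 16 characters and a 4-byte time. */
enum { LINE_LEN = 8, NAME_LEN = 8, HOST_LEN = 16, TIME_LEN = 4,
       REC_LEN = LINE_LEN + NAME_LEN + HOST_LEN + TIME_LEN };

struct login_rec {
    char line[LINE_LEN + 1];
    char name[NAME_LEN + 1];
    char host[HOST_LEN + 1];
    uint32_t when;              /* login time, seconds since the epoch */
};

/* Constructed sample: two full records followed by a 3-byte partial record. */
static const unsigned char SAMPLE[] =
    "ttyp0\0\0\0" "alice\0\0\0" "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" "\x23\xC3\x46\x00"
    "console\0" "operator" "build-host-00001" "\x23\xC3\x46\x3C"
    "tty";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

/*
 * Copy a fixed-width field. A field may fill its whole width with no
 * terminating NUL, so stop at the width or at the first NUL, whichever
 * comes first. Non-printable bytes are masked so that a hostile host or
 * login name cannot place control characters in a report.
 */
static void copy_field(char *dst, const unsigned char *src, size_t width)
{
    size_t i;

    for (i = 0; i < width && src[i] != '\0'; i++)
        dst[i] = isprint(src[i]) ? (char)src[i] : '?';
    dst[i] = '\0';
}

/*
 * Decode up to max records from buf. Returns the number decoded and
 * stores in *leftover the count of bytes not consumed (a non-zero value
 * after a complete pass means the file ends in a truncated record).
 */
size_t parse_login_records(const unsigned char *buf, size_t len,
                           struct login_rec *out, size_t max, size_t *leftover)
{
    size_t n = 0;

    while (len >= REC_LEN && n < max) {
        const unsigned char *t = buf + LINE_LEN + NAME_LEN + HOST_LEN;

        copy_field(out[n].line, buf, LINE_LEN);
        copy_field(out[n].name, buf + LINE_LEN, NAME_LEN);
        copy_field(out[n].host, buf + LINE_LEN + NAME_LEN, HOST_LEN);
        out[n].when = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) |
                      ((uint32_t)t[2] << 8) | (uint32_t)t[3];
        buf += REC_LEN;
        len -= REC_LEN;
        n++;
    }
    *leftover = len;
    return n;
}

/* Format the time in UTC so the output does not depend on the local zone. */
const char *format_when(uint32_t when, char *dst, size_t n)
{
    time_t t = (time_t)when;
    struct tm *tm = gmtime(&t);

    if (tm == NULL || strftime(dst, n, "%Y-%m-%d %H:%M:%S", tm) == 0)
        return "?";
    return dst;
}

int main(void)
{
    struct login_rec recs[8];
    size_t left = 0, i;
    size_t n = parse_login_records(SAMPLE, SAMPLE_LEN, recs, 8, &left);
    char when[32];

    for (i = 0; i < n; i++)
        printf("%-8s %-8s %-16s %s\n", recs[i].line, recs[i].name,
               recs[i].host, format_when(recs[i].when, when, sizeof when));
    if (left != 0)
        printf("%lu trailing bytes: truncated record\n", (unsigned long)left);
    return 0;
}
```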


You can use adb to convert values from one representation to another. For
example, to print the hexadecimal number ff in octal, decimal, and
hexadecimal, type:

ff = odx
072 58 #3a

The default input radix of adb is hexadecimal. Formats are remembered, so that
typing subsequent numbers will display them in the same format. Character
values may be converted as well:

'a' = oc
0141    a

This technique may also be used to evaluate expressions, but be warned that all
binary operators have the same precedence, which is lower than for unary
operators.
5.5. Patching

Patching files with adb is accomplished with the write requests w or W. This is
often used in conjunction with the locate requests l or L. In general, the syntax
for these requests is as follows:

?l value

The l matches on two bytes, whereas L matches four bytes. The w request writes
two bytes, whereas W writes four bytes. The value field in either locate or write
requests is an expression. Either decimal and octal numbers, or character strings,
are permitted.

In order to modify a file, adb must be invoked as follows:

% adb -w file1 file2

When invoked with this option, file1 and file2 are created if necessary, and
opened for both reading and writing.

Note: The $W command has the same effect during an adb session as the -w
option used on the command line.

For example, consider the following C program, zen.c. We will change the
word "Thys" to "This" in the executable file.

char    str1[] = "Thys is a character string";
int     one = 1;
int     number = 456;
long    lnum = 1234;
float   fpt = 1.25;
char    str2[] = "This is the second character string";
main()
{
        one = 2;
}

Use the following requests:

% adb -w zen -
<b?l 'Th'
?W 'This'

The request <b?l starts at the start of the data segment and stops at the first
match of "Th", having set dot to the address of the location found. Note the use
of ? to write to the a.out file. The form ?* would be used for a 410-format
file.

More frequently the request is typed as:

?l 'Th'; ?s

which locates the first occurrence of "Th", and displays the entire string.
Execution of this adb request sets dot to the address of those characters in the string.

NOTE When using the l or L commands, be careful of gaps in the address range that
you want to search.

As another example of the utility of the patching facility, consider a C program
that has an internal logic flag. The flag could be set using adb, before running
the program. For example:

% adb a.out -
:s arg1 arg2
flag/w 1
:c

The :s request is normally used to single step through a process or start a
process in single step mode. In this case it starts a.out as a subprocess with
arguments arg1 and arg2. If there is a subprocess running, adb writes to it rather
than to the file so the w request caused flag to be changed in the memory of the
subprocess.

5.6. Anomalies

Below is a list of some strange things that users should be aware of.

1) When displaying addresses, adb uses either text or data symbols from the
   a.out file. This sometimes causes unexpected symbol names to be
   displayed with data (for example, savr5+022). This does not happen if ?
   is used for text (instructions) and / for data.

2) The adb debugger cannot handle C register variables in the most recently
   activated function.
6.1. A Quick Survey

Available on most UNIX systems, adb is a debugger that permits you to examine
core files resulting from aborted programs, display output in a variety of
formats, patch files, and run programs with embedded breakpoints. This document
provides examples of the more useful features of adb. The reader is expected to
be familiar with basic SunOS commands, and with the C language.

Starting adb

Start adb with a shell command like



If you place object files into a named program, then the invocation is a bit
harder:



The filename minus (-) means ignore the argument, as in:



This is for examining the core file without reference to an object file. The adb
program provides requests for examining locations in either file: ? examines the
contents of objectfile, while / examines the contents of corefile. The general
form of these requests is:



Current Address

adb maintains a current address, called dot. When an address is entered, the
current address is set to that location, so that



displays 10 decimal numbers starting at dot. Dot ends up referring to the address
of the last item displayed. When used with the ? or / requests, the current
address can be advanced by typing newline; it can be decremented by typing ^.

Addresses are represented by expressions. Expressions are made up of decimal
integers, octal integers, hexadecimal integers, and symbols from the program
under test. These may be combined with the operators + (plus), - (minus), *
(multiply), % (integer divide), & (bitwise and), | (bitwise inclusive or), # (round
up to the next multiple), and ~ (not). All arithmetic within adb is 32 bits. When
typing a symbolic address for a C program, you can type name. On a Sun-2,
Sun-3, or Sun-4 you could alternatively type _name; adb recognizes both forms
on these systems, only the first on Sun386i.

Formats

To display data, specify a collection of letters and characters to describe the
format of the display. Formats are remembered, in the sense that typing a request
without a format displays the new output in the previous format. Here are the
most commonly used format letters:
Table 6-1 Some adb Format Letters

Letter  Description
b       one byte in octal
B       one byte in hex
c       one byte as a character
o       one word in octal
d       one word in decimal
f       one long word in single-precision floating point
i       MC68000 instruction on Sun-2 and Sun-3, SPARC instruction on Sun-4,
        and Sun386i instruction on Sun386i.
s       a null terminated character string
a       the value of dot
u       one word as an unsigned integer
n       print a newline
r       print a blank space
^       backup dot (not really a format)
+       advance dot (not really a format)

Format letters are also available for long values; for example, D for long
decimal, and F for double-precision floating point. Since integers are long-words
on the Sun, capital letters are used more often than not. For other formats see
Chapter 5.

General Request Meanings

The general form of a request is:

address , count command modifier

which sets dot to address and executes command count times. The following
table illustrates some general adb command meanings:

Table 6-2 Some adb Commands

Command Meaning
?       Print contents from a.out file
/       Print contents from core file
=       Print value of expression
:       Breakpoint control
$       Miscellaneous requests
;       Request separator
!       Escape to shell

Since adb catches signals, a user cannot use a quit signal to exit from adb. The
request $q or $Q (or CTRL-D) must be used to exit from adb.
6.2. Debugging C Programs on Sun386i

Debugging A Core Image

If you use adb because you are accustomed to it, you will want to compile
programs with the -go option, to produce old-style symbol tables. This will make
debugging proceed according to expectations.

Consider the C program below, which illustrates a common error made by C
programmers. The object of the program is to change the lower case t to an upper
case T in the string pointed to by cp, and then write the character string to the
file indicated by the first argument.

#include <stdio.h>

char *cp = "this is a sentence.";

main(argc, argv)
int argc;
char **argv;
{
        FILE *fp;
        char c;

        if (argc == 1) {
                fprintf(stderr, "usage: %s file\n", argv[0]);
                exit(1);
        }
        if ((fp = fopen(argv[1], "w")) == NULL) {
                perror(argv[1]);
                exit(2);
        }
        cp = 'T';       /* the bug: the character goes into the pointer itself */
        while (c = *cp++)
                putc(c, fp);
        fclose(fp);
        exit(0);
}

The bug is that the character T is stored in the pointer cp instead of in the string
pointed to by cp. Compile the program as follows:

% cc -go example1.c
% a.out junk
Segmentation fault (core dumped)

Executing the program produces a core dump because of an out-of-bounds
memory reference. Now invoke adb by typing:

% adb
core file = core — program "a.out"
memory fault

Commonly the first debugging request given is

$c
main[8074](2,fffd7c,fffd88) + 92

which produces a C backtrace through the subroutines called. The output from 
adb tells us that only one function — main — was called, and the arguments 
argc and argv have the hexadecimal values 2 and f f f d7 c respectively. Both 
these values look reasonable — 2 indicates two arguments, and fffdVc equals 
the stack address of the parameter vector. The next request: 


    $C
    main[8074](2,fffd7c,fffd88) + 92
            fp:     10468
            c:      104

generates a C backtrace plus an interpretation of all the local variables in each
function, and their values in hexadecimal. The value of the variable c looks
incorrect since it is outside the ASCII range. The request

    $r
    gs      0xfbff0000      ecx     0x28680
    fs      0xfbff0000      eax     0x54
    es      0xfcff0083      retaddr 0xfc06e38e
    ds      0x83            trapno  0xe
    edi     0x30890         err     0x4
    esi     0x28680         eip     0x120b          main+0x10f
    ebp     0xfbfffec8      cs      0x7b
    esp     0xfcff97e0      efl     0x10206         end+0x7202
    ebx     0x2a0c0         uesp    0xfbfffec0
    edx     0xfbfffe6a      ss      0x83
    main+0x10f:     movb    (%eax),%al

displays the registers, including the program counter, and an interpretation of the
instruction at that location. The request

    $e
    cp:                 0x55
    exit nhandlers:     0x0
    exit tnames:        0x35dc
    ctype:              0x20202000
    smbuf:              0x65c0
    iob:                0x0
    mallinfo:           0x0
    root:               0x0
    lbound:             0x0
    ubound:             0x0
    curbrk:             0x9004
    errno:              0x0
    environ:            0xfbfffef4
    end:                0x0

displays the values of all external variables.

A map exists for each file handled by adb. The map for a.out files is
referenced by ? whereas the map for core files is referenced by /. Furthermore, a
good rule of thumb is to use ? for instructions and / for data when looking at
programs. To display information about maps, type:


    $m
    ? map 'a.out'
    b1 = 8000       e1 = b000       f1 = 800
    b2 = 10000      e2 = 11000      f2 = 3800
    / map 'core'
    b1 = 10000      e1 = 13000      f1 = 1800
    b2 = fff000     e2 = 1000000    f2 = 4800

This produces a report of the contents of the maps. More about these maps later.

In our example, we might want to see the contents of the string pointed to by cp
in the core file:


    *cp/s
    55:
    data address not found

Because the pointer was set to 'T' (hex 54) and then incremented, it now equals
hex 55. On the Sun386i, there is nothing mapped at this address, so the data at
address 55 cannot be found. We could also display information about the
arguments to a function. To get the decimal value of the argc argument to main,
which is a long integer, type:

    main.argc/D
    fffd6c:         2

To display the hex values of the three consecutive cells pointed to by argv in
the function main, type:

    *main.argv,3/X
    fffd7c:         fffdc0          fffdc6          0

Note that these values are the addresses of the arguments to main. Therefore,
typing these hex values should yield the command-line arguments:

    fffdc0/s
    fffdc0:         a.out

The request:

            fffdc0

displays the current address (not its contents) in hex, which has been set to the
address of the first argument. The current address, dot, is used by adb to
remember its current location. It allows the user to reference locations relative to
the current address. For example

    .+6/s
    fffdc6:         zzz

prints the first command-line argument.

Setting Breakpoints

You set breakpoints in a program with the :b instruction, which has this form:

    address :b [ request ]

Consider the C program below, which changes tabs into blanks, and is adapted
from Software Tools by Kernighan and Plauger, pp. 18-27.


    #include <stdio.h>

    #define MAXLIN 80
    #define YES 1
    #define NO 0
    #define TABSP 8

    int tabs[MAXLIN];

    main()
    {
            int *ptab, col, c;

            /* set initial tab stops */
            ptab = tabs;
            settab(ptab);
            col = 1;
            while ((c = getchar()) != EOF) {
                    switch (c) {
                    case '\t':
                            /* pad with blanks up to the next tab stop */
                            while (tabpos(col) != YES) {
                                    putchar(' ');
                                    col++;
                            }
                            putchar(' ');
                            col++;
                            break;
                    case '\n':
                            putchar('\n');
                            col = 1;
                            break;
                    default:
                            putchar(c);
                            col++;
                    }
            }
            exit(0);
    }
Run the program under the control of adb, and then set two breakpoints as
follows:



This sets breakpoints at the start of the two functions. Sun compilers generate
statement labels only with the -g option, which is incompatible with adb. In
adb, you can set breakpoints anywhere, but you can only refer to a breakpoint as
a function entry point plus an offset. To display the location of breakpoints,
type:



A breakpoint is bypassed count-1 times before causing a stop. The command
field indicates the adb requests to be executed each time the breakpoint is
encountered. In this example no command fields are present.

Display the instructions at the beginning of function settab() in order to
observe that the breakpoint is set after the link assembly instruction:
    settab,5?ia
    settab:
    settab:         jmp     settab+0x58
    settab+5:       movl    $0,-4(%ebp)
    settab+0xc:     jmp     settab+0x48
    settab+0x11:    movl    -4(%ebp),%eax
    settab+0x14:    movl    $8,%ecx
    settab+0x19:

This request displays five instructions starting at settab with the address of
each location displayed. Another variation is





    settab,5?i
    settab:
    settab:         jmp     settab+0x58
                    movl    $0,-4(%ebp)
                    jmp     settab+0x48
                    movl    -4(%ebp),%eax
                    movl    $8,%ecx

which displays the instructions with only the starting address. Note that we
accessed the addresses from a.out with the ? command. In general, when asking
for a display of multiple items, adb advances the current address the number
of bytes necessary to satisfy the request; in the above example, five instructions
were displayed and the current address was advanced 26 bytes.

To run the program, type:



Once the program has stopped, in this case at the breakpoint for settab(),
adb requests can be used to display the contents of memory. To display a stack
trace, for example, type:


    $c
    settab[8250](10658) + 4
    main[8074](1,fffd84,fffd8c) + 1a

And to display three lines of eight locations each from the array called tabs,
type:


    tabs,3/8X
    tabs:
    tabs:   0       0       0       0       0       0       0       0
            0       0       0       0       0       0       0       0
            0       0       0       0       0       0       0       0

At this time (at location settab) the tabs array has not yet been initialized. If
you just deleted the breakpoint at tabpos, put it back by typing:


    tabpos:b

To continue execution of the program from the breakpoint type:

    :c

You will need to give the a.out program a line of data, as in the figure above.
Once you do, it will encounter a breakpoint at tabpos+4 and stop again.
Examine the tabs array once more: now it is initialized, and has a one set in
every eighth location:


    tabs,3/8X
    tabs:
    tabs:   1       0       0       0       0       0       0       0
            1       0       0       0       0       0       0       0
            1       0       0       0       0       0       0       0

You will have to type :c eight more times in order to get your line of output,
since there is a breakpoint at every input character. Type CTRL-D to terminate
the a.out process; you are back in command-level of adb.

Advanced Breakpoint Usage

The quit and interrupt signals act on adb itself, rather than on the program being
debugged. If such a signal occurs, then the program being debugged is stopped
and control is returned to adb. The signal is saved by adb and passed on to the
test program if you type:

    :c 0

Now let's reset the breakpoint at settab() and display the instructions located
there when we reach the breakpoint. This is accomplished by:
It is possible to stop every two breakpoints, if you type ,2 before the breakpoint
command. Variables can also be displayed at the breakpoint, as illustrated
below:



of the breakpoint. 

WARNING  Setting a breakpoint causes the value of dot to be changed. However,
executing the program under adb does not change the value of dot.


A breakpoint can be overwritten without first deleting the old breakpoint. For 
example: 



The semicolon is used to separate multiple adb requests on a single line. 


Other Breakpoint Facilities

Arguments and change of standard input and output are passed to a program as
follows. This request kills any existing program under test and starts a.out
afresh:



The program being debugged can be single stepped as follows. If necessary, this 
request starts up the program being debugged and stops after executing the first 
instruction: 
    ,n:r

This request may also be used for skipping the first n breakpoints when
continuing a program:

    ,n:c

A program can be continued at an address different from the breakpoint by:

    address:c

The program being debugged runs as a separate process, and can be killed by: 




Revision: A of May 9, 1988 










Chapter 6 — Sun386i adb Tutorial 77 


6.3. File Maps

Sun SunOS supports several executable file formats.

NOTE  On the Sun386i, all executable files are COFF files. An additional COFF header
precedes the a.out header; this a.out header is slightly different than the Sun-2,
Sun-3, or Sun-4 a.out header. However, the executable file types are identical.

Executable type 407 is generated by the cc (or ld) flag -N. Executable type 410
is generated by the flag -n. An executable type 413 is generated by the flag -z;
the default is type 413. adb interprets these different file formats, and provides
access to the different segments through a set of maps. To display the maps, type
$m from inside adb.

407 Executable Files

In 407-format files, instructions and data are intermixed. This makes it
impossible for adb to differentiate data from instructions, but adb will happily display
in either format. Furthermore, some displayed symbolic addresses look incorrect
(for example, data addresses as offsets from routines). Here is a picture of
407-format files:


Figure 6-1  Executable File Type 407

    a.out:   hdr | text + data
    core:    hdr | text + data | stack

Here are the maps and variables for 407-format files:

    $m
    ? map 'a.out'
    b1 = 8000       e1 = 8f28       f1 = 20
    b2 = 8000       e2 = 9560       f2 = 20
    / map 'core'
    b1 = 8000       e1 = b800       f1 = 1800
    b2 = fff000     e2 = 1000000    f2 = 5000
    $v
    variables
    b = 0100000
    d = 03070
    e = 0407
    m = 0407
    s = 010000
    t = 07450
410 Executable Files

In 410-format files (pure executable), instructions are separate from data. The ?
command accesses the data part of the a.out file, telling adb to use the second
part of the map in that file. Accessing data in the core file shows the data after
it was modified by the execution of the program. Notice also that the data
segment may have grown during program execution. Here is a picture of 410-format
files:



Figure 6-2  Executable File Type 410

    a.out
    core:    hdr | data | stack

Here are the maps and variables for 410-format files:

    ? map 'a.out'
    b1 = 8000       e1 = 8f28       f1 = 20
    b2 = 10000      e2 = 10638      f2 = f48
    / map 'core'
    b1 = 10000      e1 = 12800      f1 = 1800
    b2 = fff000     e2 = 1000000    f2 = 4000
    $v
    variables
    b = 0200000
    d = 03070
    e = 0410
    m = 0410
    s = 010000
    t = 07450
413 Executable Files

In 413-format files (pure demand-paged executable) the instructions and data are
also separate. However, in this case, since data is contained in separate pages,
the base of the data segment is also relative to address zero. In this case, since
the addresses overlap, it is necessary to use the ?* operator to access the data
space of the a.out file. In both 410 and 413-format files the corresponding
core file does not contain the program text. Here is a picture of 413-format
files:



Figure 6-3  Executable File Type 413

    a.out:   hdr | text | data
    core:    hdr | data | stack

The only difference between a 410 and a 413-format file is that 413 segments are
rounded up to page boundaries. Here are the maps and variables for 413-format
files:

    $m
    ? map 'abort'
    b1 = 8000       e1 = 9000       f1 = 800
    b2 = 10000      e2 = 10800      f2 = 1800
    / map 'core'
    b1 = 10000      e1 = 12800      f1 = 1800
    b2 = fff000     e2 = 1000000    f2 = 4000
    $v
    variables
    b = 0200000
    d = 04000
    e = 0413
    m = 0413
    s = 010000
    t = 010000
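The b, e and f values in these $m reports all drive one lookup: an address inside a segment's range b to e lands at file offset (address - b) + f. The following is an added example, not code from the manual, that runs this lookup on the two maps printed in the core-dump session of section 6.2. The names map_address and second_only (standing in for the * suffix, as in ?*), the inclusive-b and exclusive-e bounds, and the constructed overlap_map are assumptions.

```c
#include <stdio.h>

/* One map as printed by $m: two (b, e, f) triples. */
struct adb_map {
    unsigned long b1, e1, f1;
    unsigned long b2, e2, f2;
};

/* The two maps $m printed in the core-dump session of section 6.2 (hex). */
const struct adb_map aout_map = { 0x8000,  0xb000,  0x800,  0x10000,  0x11000,   0x3800 };
const struct adb_map core_map = { 0x10000, 0x13000, 0x1800, 0xfff000, 0x1000000, 0x4800 };

/* Constructed map whose text and data ranges both start at zero, the
 * overlapping case the 413 discussion gives as the reason for ?*. */
const struct adb_map overlap_map = { 0x0, 0x2000, 0x20, 0x0, 0x800, 0x2020 };

/*
 * Translate address a to an offset in the file behind map m.
 * second_only models the * suffix (as in ?*), which skips the first triple.
 * Returns 0 and stores the offset, or -1 when no triple covers a, the case
 * adb reports as "data address not found".
 * Assumption: b is treated as inclusive and e as exclusive.
 */
int map_address(const struct adb_map *m, unsigned long a, int second_only,
                unsigned long *offset)
{
    if (!second_only && a >= m->b1 && a < m->e1) {
        *offset = (a - m->b1) + m->f1;
        return 0;
    }
    if (a >= m->b2 && a < m->e2) {
        *offset = (a - m->b2) + m->f2;
        return 0;
    }
    return -1;
}

int main(void)
{
    /* 55 is the clobbered cp; fffdc0 is argv[0] on the stack. */
    unsigned long probes[] = { 0x55, 0xfffdc0, 0x10000 };
    unsigned long off;
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        if (map_address(&core_map, probes[i], 0, &off) == 0)
            printf("%lx -> core file offset %lx\n", probes[i], off);
        else
            printf("%lx: data address not found\n", probes[i]);
    }
    return 0;
}
```

Address 55 falls in neither core segment, which is why *cp/s failed in the session, while fffdc0 resolves through the second (stack) triple.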
The b, e, and f fields are used to map addresses into file addresses. The f1 field
is the length of the header at the beginning of the file — 020 bytes for an a.out
file and 02000 bytes for a core file. The f2 field is the displacement from the
beginning of the file to the data. For a 407-format file with mixed text and data,
this is the same as the length of the header; for 410 and 413-format files, this is
the length of the header plus the size of the text portion. The b and e fields are
the starting and ending locations for a segment. Given the address A, the location
in the file (either a.out or core) is calculated as:

    b1<A<e1     file address = (A-b1)+f1
    b2<A<e2     file address = (A-b2)+f2

Variables

You can access locations by using the adb-defined variables. The $v request
displays the variables initialized by adb:

    b    base address of data segment,
    d    length of the data segment,
    s    length of the stack,
    t    length of the text,
    m    execution type (407, 410, 413).

Those variables not presented are zero. Use can be made of these variables by
expressions such as

    <b

in the address field. Similarly, the value of a variable can be changed by an
assignment request such as

    02000>b

which sets b to octal 2000. These variables are useful to know if the file under
examination is an executable or core image file.

The adb program reads the header of the core image file to find the values for
these variables. If the second file specified does not seem to be a core file, or if it
is missing, then the header of the executable file is used instead.

6.4. Advanced Usage

One of the uses of adb is to examine object files without symbol tables; dbx
cannot handle this kind of task. With adb, you can even combine formatting
requests to provide elaborate displays. Several examples are given below.

Formatted Dump

The following adb command line displays four octal words followed by their
ASCII interpretation from the data space of the core file:

    <b,-1/4o4^8Cn

Broken down, the various requests mean:

    <b      The base address of the data segment.

    <b,-1   Print from the base address to the end-of-file. A negative count is used
            here and elsewhere to loop indefinitely or until some error condition
            (like end-of-file) is detected.

The format 4o4^8Cn is broken down as follows:

    4o      Print 4 octal locations.

    4^      Back up the current address 4 locations (to the original start of the
            field).

    8C      Print 8 consecutive characters using an escape convention; each
            character in the range 0 to 037 is displayed as @ followed by the
            corresponding character in the range 0140 to 0177. An @ is displayed as @@.

    n       Print a newline.
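The 4o4^8Cn breakdown above, as an added example that is not part of the manual: an interpreter for just the letters o, ^, C and n, showing how dot advances, backs up and advances again within one pass. The function names, the little-endian word order and the constructed sample bytes are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: 12 bytes standing in for the start of a data segment. */
const unsigned char sample[12] = { 'T','h','y','s',' ','i','s','\n','@','!',0,1 };

/*
 * One pass of an adb-style format over mem[0..len), starting at *dot.
 * Letters handled, each with an optional decimal repeat count:
 *   o  2-byte word in octal, dot += 2     C  one byte, escaped, dot += 1
 *   ^  back dot up by the last increment  n  newline
 * out must hold a string on entry. Returns 0; -1 when a read or back-up
 * would leave the data (the error that ends a count of -1); -2 for an
 * unsupported letter or a full output buffer.
 */
int adb_format(const unsigned char *mem, size_t len, size_t *dot,
               const char *fmt, char *out, size_t outsz)
{
    size_t inc = 1;                 /* current increment, set by o or C */
    char tmp[16];

    while (*fmt) {
        const char *start = fmt;
        size_t count = 0, i;
        unsigned char c;
        char letter;

        while (*fmt >= '0' && *fmt <= '9')
            count = count * 10 + (size_t)(*fmt++ - '0');
        if (fmt == start)
            count = 1;              /* no repeat count given */
        if ((letter = *fmt++) == '\0')
            return -2;              /* repeat count with no letter */
        for (i = 0; i < count; i++) {
            tmp[0] = '\0';
            switch (letter) {
            case 'o':
                inc = 2;
                if (*dot + 2 > len)
                    return -1;
                /* assumption: little-endian words, as on the 80386 */
                snprintf(tmp, sizeof tmp, "%#o ",
                         (unsigned)(mem[*dot] | (mem[*dot + 1] << 8)));
                *dot += 2;
                break;
            case 'C':
                inc = 1;
                if (*dot >= len)
                    return -1;
                c = mem[(*dot)++];
                /* control characters print as @ plus c + 0140; @ is doubled */
                snprintf(tmp, sizeof tmp, "%s%c",
                         (c < 040 || c == '@') ? "@" : "", c < 040 ? c + 0140 : c);
                break;
            case '^':
                if (*dot < inc)
                    return -1;
                *dot -= inc;
                break;
            case 'n':
                strcpy(tmp, "\n");
                break;
            default:
                return -2;
            }
            if (strlen(out) + strlen(tmp) + 1 > outsz)
                return -2;
            strcat(out, tmp);
        }
    }
    return 0;
}

/* Repeat the format like a count of -1; returns the number of complete passes. */
int adb_dump_all(const unsigned char *mem, size_t len, size_t dot,
                 const char *fmt, char *out, size_t outsz)
{
    int passes = 0;
    size_t before;

    do {
        before = dot;
        if (adb_format(mem, len, &dot, fmt, out, outsz) != 0)
            break;
        passes++;
    } while (dot != before);        /* stop if a pass made no progress */
    return passes;
}

int main(void)
{
    char out[256] = "";

    adb_dump_all(sample, sizeof sample, 0, "4o4^8Cn", out, sizeof out);
    return fputs(out, stdout) == EOF;
}
```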

The following request could have been used instead to allow the displaying to
stop at the end of the data segment.

    <b,<d/4o4^8Cn

The request <d provides the data segment size in bytes. Because adb can read
in scripts, you can use formatting requests to produce image dump scripts.
Invoke adb as follows:

    % adb a.out core < dump

This reads in a script file, dump, containing formatting requests. Here is an
example of such a script:

    120$w
    4095$s
    $v
    =3n
    $m
    =3n"C Stack Backtrace"
    $c
    =3n"C External Variables"
    $e
    =3n"Registers"
    $r
    0$s
    =3n"Data Segment"
    <b,-1/8ona

The request 120$w sets the width of the output to 120 characters (normally, the
width is 80 characters). adb attempts to display addresses as:
    symbol + offset

The request 4095$s increases the maximum permissible offset to the nearest
symbolic address from the default 255 to 4095. The request = can be used to
display literal strings. Thus, headings are provided in this dump program with
requests of the form:

    =3n"C Stack Backtrace"

This spaces three lines and displays the literal string. The request $v displays all
non-zero adb variables. The request 0$s sets the maximum offset for symbol
matches to zero, thus suppressing the display of symbolic labels in favor of octal
values. Note that this is only done for displaying the data segment. The request

    <b,-1/8ona

displays a dump from the base of the data segment to the end-of-file with an octal
address field and 8 octal numbers per line.

Accounting File Dump

As another illustration, consider a set of requests to dump the contents of
/etc/utmp or /usr/adm/wtmp, both of which are composed of 8-character
terminal names, 8-character login names, 16-character host names, and a 4-byte
integer representing the login time.

    % adb /etc/utmp -
    0,-1?cccccccc8tcccccccc8tcccccccccccccccc16tYn

The c format is repeated 8 times, 8 times, and 16 times. The 8t means go to the
8th tab stop, and 16t means go to the 16th tab stop. Y causes the 4-byte integer
representing the login time to print in ctime(3) format.

Converting Values

You can use adb to convert values from one representation to another. For
example, to print the hexadecimal number ff in octal, decimal, and
hexadecimal, type:

    ff = odx
    072 58 #3a

The default input radix of adb is hexadecimal. Formats are remembered, so that
typing subsequent numbers will display them in the same format. Character
values may be converted as well:

    'a' = oc
    0141    a
This technique may also be used to evaluate expressions, but be warned that all
binary operators have the same precedence, which is lower than for unary
operators.
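The /etc/utmp dump in the Accounting File Dump section reads fixed 36-byte records (8 + 8 + 16 characters and a 4-byte time). The following is an added example, not from the manual, that decodes the same layout in C. The names, the little-endian time field, UTC output in place of ctime(3), and the constructed sample records are assumptions; the character fields may fill their whole width with no terminating NUL, so they are copied by width.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define UT_LINE   8
#define UT_NAME   8
#define UT_HOST   16
#define UT_RECLEN (UT_LINE + UT_NAME + UT_HOST + 4)
#define SAMPLE_LEN (2 * UT_RECLEN)

/* Constructed sample: two records; "operator" uses all 8 name bytes. */
const unsigned char sample_utmp[] =
    "console\0" "operator" "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" "\x80\xf6\x84\x22"
    "ttyp0\0\0\0" "alice\0\0\0" "sun386i-lab.corp" "\x90\x04\x85\x22";

struct login_rec {
    char line[UT_LINE + 1];
    char name[UT_NAME + 1];
    char host[UT_HOST + 1];
    uint32_t time;
};

/* Copy a fixed-width field that may have no terminating NUL. */
static void copy_field(char *dst, const unsigned char *src, size_t width)
{
    size_t n = 0;

    while (n < width && src[n] != '\0') {
        dst[n] = (char)src[n];
        n++;
    }
    dst[n] = '\0';
}

/* Decode record idx from buf; returns 0, or -1 if that record is not whole. */
int utmp_record(const unsigned char *buf, size_t len, size_t idx,
                struct login_rec *r)
{
    const unsigned char *p;

    if (len / UT_RECLEN <= idx)
        return -1;
    p = buf + idx * UT_RECLEN;
    copy_field(r->line, p, UT_LINE);
    copy_field(r->name, p + UT_LINE, UT_NAME);
    copy_field(r->host, p + UT_LINE + UT_NAME, UT_HOST);
    p += UT_LINE + UT_NAME + UT_HOST;
    /* assumption: little-endian 4-byte time, as on the 80386 */
    r->time = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
              (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

/* Format one record in fixed columns with the time in UTC. */
int utmp_line(const struct login_rec *r, char *out, size_t outsz)
{
    char when[32];
    time_t t = (time_t)r->time;
    struct tm *tm = gmtime(&t);
    int n;

    if (tm == NULL || strftime(when, sizeof when, "%Y-%m-%d %H:%M:%S", tm) == 0)
        return -1;
    n = snprintf(out, outsz, "%-8s%-8s%-16s%s", r->line, r->name, r->host, when);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    struct login_rec r;
    char line[80];
    size_t i;

    for (i = 0; utmp_record(sample_utmp, SAMPLE_LEN, i, &r) == 0; i++)
        if (utmp_line(&r, line, sizeof line) == 0)
            puts(line);
    return 0;
}
```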

6.5. Patching

Patching files with adb is accomplished with the write requests w or W. This is
often used in conjunction with the locate requests l or L. In general, the syntax
for these requests is as follows:

    ?l value

The l matches on two bytes, whereas L matches four bytes. The w request writes
two bytes, whereas W writes four bytes. The value field in either locate or write
requests is an expression. Either decimal and octal numbers, or character strings,
are permitted.

In order to modify a file, adb must be invoked as follows:

    % adb -w file1 file2

When invoked with this option, file1 and file2 are created if necessary, and
opened for both reading and writing.

For example, consider the following C program, zen.c. We will change the
word "Thys" to "This" in the executable file.


    char    str1[] = "Thys is a character string";
    int     one = 1;
    int     number = 456;
    long    lnum = 1234;
    float   fpt = 1.25;
    char    str2[] = "This is the second character string";

    main()
    {
            one = 2;
    }

Use the following requests:

    % adb -w zen -
    ?l 'Th'
    ?W 'This'

The request ?l starts at dot and stops at the first match of “Th”, having set dot to
the address of the location found. Note the use of ? to write to the a.out file.
The form ?* would be used for a 411 file.
More frequently the request is typed as:

    ?l 'Th'; ?s

which locates the first occurrence of “Th”, and displays the entire string.
Execution of this adb request sets dot to the address of those characters in the string.

As another example of the utility of the patching facility, consider a C program
that has an internal logic flag. The flag could be set using adb, before running
the program. For example:

    % adb a.out -
    :s arg1 arg2
    flag/w 1
    :c

The :s request is normally used to single step through a process or start a
process in single step mode. In this case it starts a.out as a subprocess with
arguments arg1 and arg2. If there is a subprocess running, adb writes to it rather
than to the file so the w request caused flag to be changed in the memory of the
subprocess.

6.6. Anomalies

Below is a list of some strange things that users should be aware of.

1) When displaying addresses, adb uses either text or data symbols from the
   a.out file. This sometimes causes unexpected symbol names to be
   displayed with data (for example, savr5+022). This does not happen if ?
   is used for text (instructions) and / for data.

2) The adb debugger cannot handle C register variables in the most recently
   activated function.
    adb [ -w ] [ -k ] [ -I ] [ objectfile [ corefile ] ]

adb is an interactive, general-purpose, assembly-level debugger, that examines
files and provides a controlled environment for executing SunOS programs.

Normally objectfile is an executable program file, preferably containing a symbol
table. If the file does not contain a symbol table, it can still be examined, but the
symbolic features of adb cannot be used. The default objectfile is a.out.

The corefile is assumed to be a core image file produced after executing objectfile
and having a problem causing the core image to be dumped to the file core. The
default corefile is core.

adb Options

    -w   Create both objectfile and corefile if necessary and open them for reading
         and writing so they can be modified using adb.

    -k   Do SunOS kernel memory mapping; should be used when corefile is a
         SunOS crash dump or /dev/mem.

    -I   Specifies a directory where files to be read with $< or $<< (see below) will
         be sought; the default is /usr/lib/adb.

7.2. Using adb

adb reads commands from the standard input and displays responses on the
standard output, ignoring QUIT signals. An INTERRUPT signal returns to the next
adb command.

adb saves and restores terminal characteristics when running a sub-process. This
makes it possible to debug programs that manipulate the screen. See tty(4).

In general, requests to adb are of the form

    [ address ] [, count ] [ command ] [; ]

The symbol dot (.) represents the current location. It is initially zero. If address
is present, then dot is set to address. For most commands count specifies how
many times the command will be executed. The default count is 1 (one). Both
address and count may be expressions.
7.3. adb Expressions

.       The value of dot.

+       The value of dot incremented by the current increment.

^       The value of dot decremented by the current increment.

&       The last address typed; this used to be ".

integer
        A number. The prefixes 0o and 0O (zero oh) force interpretation in octal
        radix; the prefixes 0t and 0T force interpretation in decimal radix; the
        prefixes 0x and 0X force interpretation in hexadecimal radix. Thus
        0o20 = 0t16 = 0x10 = sixteen. If no prefix appears, then the default radix
        is used; see the $d command. The default radix is initially hexadecimal.
        Hexadecimal digits are 0123456789abcdefABCDEF with the obvious values.
        Note that if a hexadecimal number starts with a letter, but does not duplicate
        a defined symbol, it is accepted as a hexadecimal value. To enter a
        hexadecimal number that is the same as a defined symbol, precede it by
        0, 0x, or 0X.

'cccc'
        The ASCII value of up to 4 characters. A backslash (\) may be used to
        escape a '.

<name
        The value of name, which is either a variable name or a register name; adb
        maintains a number of variables (see variables) named by single letters
        or digits. If name is a register name, then the value of the register is
        obtained from the system header in corefile. The register names are those
        printed by the $r command.

symbol
        A symbol is a sequence of upper or lower case letters, underscores or digits,
        not starting with a digit. The backslash character (\) may be used to escape
        other characters. The value of the symbol is taken from the symbol table in
        objectfile. An initial _ will be prepended to symbol if needed.

_symbol
        In C, the true name of an external symbol begins with underscore (_). It
        may be necessary to use this name to distinguish it from internal or hidden
        variables of a program.

NOTE  _symbol applies only to Sun-2, Sun-3, and Sun-4. It is not used on Sun386i.

routine.name
        The address of the variable name in the specified C routine. Both routine
        and name are symbols. If name is omitted the value is the address of the
        most recently activated C stack frame corresponding to routine. Works only
        if the program has been compiled using the -go flag. See cc(1).


e s Sun386i only. Like s, but steps over subroutine calls instead of into 
them. 
( expr )
        The value of the expression expr.

Unary Operators

*expression
        The contents of the location addressed by expression in corefile.

%expression
        The contents of the location addressed by expression in objectfile (used to be @).

-expression
        Integer negation.

~expression
        Bitwise complement.

#expression
        Logical negation.

^F expression
        (Control-f) Translates program addresses into source file addresses. Works
        only if the program has been compiled using the -go flag. See cc(1).

^A expression
        (Control-a) Translates source file addresses into program addresses. Works
        only if the program has been compiled using the -go flag. See cc(1).

`name
        (Back-quote) Translates a procedure name into a source file address. Works
        only if the program has been compiled using the -go flag. See cc(1).

"filename"
        A filename enclosed in quotation marks (for instance, "main.c") produces
        the source file address for the zero-th line of that file. Thus to reference the
        third line of the file main.c, we say: "main.c"+3. Works only if the
        program has been compiled using the -go flag. See cc(1).

Binary Operators

Binary operators are left associative and are less binding than unary operators.

expression-1 + expression-2
        Integer addition.

expression-1 - expression-2
        Integer subtraction.

expression-1 * expression-2
        Integer multiplication.

expression-1 % expression-2
        Integer division.

expression-1 & expression-2
        Bitwise conjunction.

expression-1 | expression-2
        Bitwise disjunction.
expression-1 # expression-2
        Expression-1 rounded up to the next multiple of expression-2.

7.4. adb Variables

adb provides several variables. Named variables are set initially by adb but are
not used subsequently. Numbered variables are reserved for communication as
follows:

    0    The last value printed.
    1    The last offset part of an instruction source.
    2    The previous value of variable 1.
    9    The count on the last $< or $<< command.

On entry the following are set from the system header in the corefile. If corefile
does not appear to be a core file then these values are set from objectfile.

    b    The base address of the data segment.
    d    The data segment size.
    e    The entry point.
    m    The "magic" number (0407, 0410 or 0413), depending on the file's type.
         (See Section 5.3.)
    s    The stack segment size.
    t    The text segment size.

7.5. adb Commands

Commands to adb consist of a verb followed by a modifier or list of
modifiers.

adb Verbs

The verbs are:

    ?    Print locations starting at address in objectfile.

    /    Print locations starting at address in corefile.

    =    Print the value of address itself.

    @    Interpret address as a source file address, and print locations in objectfile or
         lines of the source text. Works only if the program has been compiled using
         the -go flag. See cc(1).

    :    Manage a subprocess.

    $    Execute miscellaneous commands.

    >    Assign a value to a variable or register.

    RETURN
         Repeat the previous command with a count of 1. Dot is incremented by its
         current increment.

    !    Call the shell to execute the following command.






Chapter 7 — adb Reference 91 


Each verb has a specific set of modifiers; these are described below.

?, /, @, and = Modifiers

The first four verbs described above take the same modifiers, which specify the
format of command output. Each modifier consists of a format letter (fletter)
preceded by an optional repeat count (rcount). Each verb can take one or more
modifiers.

    { ?, /, @, = } [ [ rcount ] fletter ... ]

Each modifier specifies a format that increments dot by a certain amount, which
is given below. If a command is given without a modifier, the last specified
format is used to display output. The following table shows the format letters, the
amount they increment dot, and a description of what each letter does. Note that
all octal numbers output by adb are preceded by 0.


    Format  Dot+=   Description
    o       2       Print 2 bytes in octal.
    O       4       Print 4 bytes in octal.
    q       2       Print in signed octal.
    Q       4       Print long signed octal.
    d       2       Print in decimal.
    D       4       Print long decimal.
    x       2       Print 2 bytes in hexadecimal.
    X       4       Print 4 bytes in hexadecimal.
    h       2       Sun386i only. Print 2 bytes in hexadecimal in reverse order.
    H       4       Sun386i only. Print 4 bytes in hexadecimal in reverse order.
    u       2       Print as an unsigned decimal number.
    U       4       Print long unsigned decimal.
    f       4       Print the 32 bit value as a floating point number.
    F       8       Print double floating point.
    b       1       Print the addressed byte in octal.
    B       1       Sun386i only. Print the addressed byte in hexadecimal.
    c       1       Print the addressed character.
    C       1       Print the addressed character using the standard escape
                    convention. Print control characters as ^X and the delete
                    character as ^?.
    Format  Dot+=   Description
    s       n       Print the addressed characters until null character is
                    reached; n is the length of the string including its zero
                    terminator.
    S       n       Print string using the escape conventions of C; n is the
                    length of the string including its zero terminator.
    Y       4       Print 4 bytes in ctime(3) format.
    i       n       Print as machine instructions; n is the number of bytes
                    occupied by the instruction. In this format, variables 1
                    and 2 are set to the offset parts of the source and
                    destination respectively.
    M       n       Sun386i only. Print as machine instructions along with
                    machine code; n is the number of bytes occupied by the
                    instruction. In this format, variables 1 and 2 are set to the
                    offset parts of the source and destination, respectively.
    z       n       Print as machine instructions with MC68010 instruction
                    timings; n is the number of bytes occupied by the
                    instruction. In this format, variables 1 and 2 are set to the
                    offset parts of the source and destination respectively.
    I       0       Print the source text line specified by dot (@ command),
                    or most closely corresponding to dot (? command).
    a       0       Print the value of dot in symbolic form. Symbols are
                    checked to ensure that they have an appropriate type as
                    indicated below.
                        /   local or global data symbol
                        ?   local or global text symbol
                        =   local or global absolute symbol
    p       4       Print the addressed value in symbolic form using the
                    same rules for symbol lookup as with a.
    A       0       Print the value of dot in source file symbolic form, that is:
                    "file"+nnn. Works only if the program has been
                    compiled with the -go flag. See cc(1).
    P       4       Print the addressed value in source file symbolic form,
                    that is: "file"+nnn. Works only if the program has been
                    compiled using the -go flag. See cc(1).
    t       0       When preceded by an integer, tabs to the next appropriate
                    tab stop. For example, 8t moves to the next 8-space tab
                    stop.
    r       0       Print a space.
    n       0       Print a newline.
    "..."   0       Print the enclosed string.
Format  Dot+=  Description

^       0      Dot decremented by current increment; nothing is printed.
+       0      Dot incremented by 1; nothing is printed.
-       0      Dot decremented by 1; nothing is printed.

? and / Modifiers

Only the verbs ? and / take the following modifiers:

[?/]l value mask

    Words starting at dot are masked with mask and compared to value
    until a match is found. If the command is L instead of l, the match is
    for 4 bytes at a time instead of 2. If no match is found dot is
    unchanged; otherwise dot is set to the matched location. If mask is
    omitted then -1 is used.

[?/]w value ...

    Write the 2-byte value into the addressed location. If the command is
    W instead of w, write 4 bytes instead of 2. If the command is v, write
    only 1 byte. Odd addresses are not allowed when writing to the
    subprocess address space.

[?/]m b1 e1 f1 [?/]

    New values for (b1, e1, f1) are recorded. If fewer than three
    expressions are given, then the remaining map parameters are left
    unchanged. If the ? or / is followed by *, then the second segment
    (b2, e2, f2) of the address mapping is changed (see Address Mapping
    below). If the list is terminated by ? or /, then the file, objectfile or
    corefile respectively, is used for subsequent requests. For example,
    /m? causes / to refer to objectfile.

: Modifiers

Only the verb : takes the following modifiers:

a cmd   Sun386i only. Set a data access breakpoint at address. Like b except
        that the breakpoint is hit when the program reads or writes to address.

b cmd   Set breakpoint at address. The breakpoint is executed count-1 times
        before causing a stop. Each time the breakpoint is encountered the
        command cmd is executed. If this command is omitted or sets dot to
        zero, then the breakpoint causes a stop.

w       Sun386i only. Set a data write breakpoint at address. Like b except
        that the breakpoint is hit when the program writes to address.

B       Like b but takes a source file address. Works only if the program has
        been compiled using the -go flag. See cc(1).

d       Delete breakpoint at address.

D       Like d but takes a source file address. Works only if the program has
        been compiled using the -go flag. See cc(1).
z       Sun386i only. Delete all breakpoints.

r       Run objectfile as a subprocess. If address is given explicitly, then the
        program is entered at this point; otherwise, the program is entered at its
        standard entry point. An optional count specifies how many breakpoints
        are to be ignored before stopping. Arguments to the subprocess
        may be supplied on the same line as the command. An argument starting
        with < or > causes the standard input or output to be established for
        the command. All signals are enabled on entry to the subprocess.

c s     The subprocess is continued with signal s; see sigvec(2). If address is
        given then the subprocess is continued at this address. If no signal is
        specified, then the signal that caused the subprocess to stop is sent.
        Breakpoint skipping is the same as for r.

s s     Same as for c except that the subprocess is single stepped count times.
        If there is no current subprocess, then objectfile is run as a subprocess
        as for r. In this case no signal can be sent; the remainder of the line is
        treated as an argument list for the subprocess.

S       Like s but single steps by source lines, rather than by machine
        instructions. This is achieved by repeatedly single-stepping machine
        instructions until the corresponding source file address changes. Thus
        procedure calls cause stepping to stop. Works only if the program has
        been compiled using the -go flag. See cc(1).

u       Sun386i only. Continue uplevel, stopping after the current routine has
        returned. Should only be given after the frame pointer has been pushed
        on the stack.

i       Add the signal specified by address to the list of signals that are passed
        directly to the subprocess with the minimum of interference. Normally,
        adb intercepts all signals destined for the subprocess, and the
        :c command must be issued to continue the process with the signal.
        Signals on this list are handed to the process with an implicit :c
        command as soon as they are seen.

t       Remove the signal specified by address from the list of signals that are
        implicitly passed to the subprocess.

k       Terminate (kill) the current subprocess, if any.

A       Sun386i only. Attach the process whose process ID is given by
        address. The PID is generally preceded by 0t so that it will be
        interpreted in decimal.

R       Sun386i only. Release (detach) the current process.

$ Modifiers

Only the verb $ takes the following modifiers:

<file   Read commands from file. If this command is executed in a file,
        further commands in the file are not seen. If file is omitted, the current
        input stream is terminated. If a count is given, and it is zero, the
        command will be ignored. The value of the count will be placed in
        variable 9 before the first command in file is executed.

<<file  Similar to <, but can be used in a file of commands without closing the
        file. Variable 9 is saved during the execution of this command, and
        restored when it completes. There is a small, finite limit to the number
        of << files that can be open at once.

>file   Append output to file, which is created if it does not exist. If file is
        omitted, output is returned to the terminal.

?       Print the process id, the signal that stopped the subprocess, and the
        registers. Produces the same response as $ used without any modifier.

r       Print the general registers and the instruction addressed by pc; dot is
        set to pc.

b       Print all breakpoints and their associated counts and commands.

c       C stack backtrace. If address is given, it is taken as the address of the
        current frame instead of the contents of the frame-pointer register. If
        count is given, only the first count frames are printed.

C       Similar to c, but in addition prints the names and 32-bit values of all
        automatic and static variables for each active function. Works only if
        the program has been compiled using the -go flag. See cc(1).

d       Set the default radix to address and report the new value. Note that
        address is interpreted in the (old) current radix. Thus 10$d never
        changes the default radix. To make the default radix decimal, use
        0t10$d.

e       Print the names and values of external variables.

w       Set the page width for output to address (default 80).

s       Set the limit for symbol matches to address (default 255).

o       Regard all input integers as octal.

q       Exit adb.

v       Print all non-zero variables in octal.

m       Print the address map.

f       Print a list of known source file names.

p       Print a list of known procedure names.

p       For kernel debugging. Change the current kernel memory mapping to
        map the designated user structure to the address given by the symbol
        _u. The address argument is the address of the user's proc structure.

i       Show which signals are passed to the subprocess with the minimum of
        adb interference. Signals may be added to or deleted from this list
        using the :i and :t commands.

W       Re-open objectfile and corefile for writing, as though the -w
        command-line argument had been given.

l       Sun386i only. Set the length in bytes (1, 2, or 4) of the object
        referenced by :a and :w to address. Default is 1.

7.6. adb Address Mapping

The interpretation of an address depends on its context. If a subprocess is being
debugged, addresses are interpreted in the usual way (as described below) in the
address space of the subprocess. If the operating system is being debugged,
either post-mortem or by using the special file /dev/mem to interactively
examine and/or modify memory, the maps are set to map the kernel virtual addresses,
which start at zero. For some commands, the address is not interpreted as a
memory address at all, but as an ordered pair representing a file number and a
line number within that file. The @ command always takes such a source file
address, and several operators are available to convert to and from the more
customary memory locations.

The address in a file associated with a written address is determined by a
mapping associated with that file. Each mapping is represented by two triples
(b1, e1, f1) and (b2, e2, f2), and the file address corresponding to a written
address is calculated as follows.

    b1 <= address < e1  =>  file address = address + f1 - b1

otherwise

    b2 <= address < e2  =>  file address = address + f2 - b2

Otherwise, the requested address is not legal. If a ? or / request is followed by
an *, only the second triple is used.

The initial setting of both mappings is suitable for normal a.out and core
files. If either file is not of the kind expected then, for that file, b1 is set to 0,
e1 is set to the maximum file size, and f1 is set to 0. This way, the whole file can
be examined with no address translation.
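
The translation rule above, written out as an added C example (not adb's own source). The struct and function names and the sample triple values are constructed for illustration, and the empty second triple in the fallback map is an assumption, since the text only specifies b1, e1 and f1 for that case.

```c
#include <stdint.h>
#include <stdio.h>

/* One (b, e, f) triple: addresses in [b, e) map to file offset addr + f - b. */
struct adb_triple { uint32_t b, e, f; };

/* The mapping kept per file (objectfile or corefile): two triples. */
struct adb_map { struct adb_triple seg[2]; };

/*
 * Translate a written address into a file address.
 * second_only models a ? or / request followed by *, which skips triple 1.
 * Returns 0 and stores the offset, or -1 when the address is not legal.
 */
int adb_translate(const struct adb_map *m, uint32_t addr,
                  int second_only, uint32_t *file_addr)
{
    int i;

    for (i = second_only ? 1 : 0; i < 2; i++) {
        const struct adb_triple *t = &m->seg[i];

        if (addr >= t->b && addr < t->e) {
            /* 64-bit sum so a large f cannot wrap around unnoticed. */
            uint64_t off = (uint64_t)(addr - t->b) + t->f;

            if (off > UINT32_MAX)
                return -1;
            *file_addr = (uint32_t)off;
            return 0;
        }
    }
    return -1;
}

/*
 * Fallback for a file that is not a normal a.out or core file:
 * b1 = 0, e1 = maximum file size, f1 = 0, so no translation takes place.
 * Assumption: the second triple is left empty.
 */
struct adb_map adb_flat_map(uint32_t max_file_size)
{
    struct adb_map m = { { { 0, max_file_size, 0 }, { 0, 0, 0 } } };
    return m;
}

/* Constructed sample: two mapped ranges at different file offsets. */
struct adb_map sample_map(void)
{
    struct adb_map m = { { { 0x2000, 0x6000, 0x20 },
                           { 0x8000, 0x9000, 0x4020 } } };
    return m;
}

int main(void)
{
    static const uint32_t probes[] = { 0x2000, 0x5fff, 0x6000, 0x8010 };
    struct adb_map m = sample_map();
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint32_t off;

        if (adb_translate(&m, probes[i], 0, &off) == 0)
            printf("0x%x -> file address 0x%x\n",
                   (unsigned)probes[i], (unsigned)off);
        else
            printf("0x%x -> not legal\n", (unsigned)probes[i]);
    }
    return 0;
}
```

An address that falls in the gap between the two ranges (0x6000 here) is rejected rather than read from an arbitrary file offset, which is what makes the map worth checking with $m before patching a file opened for writing.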


7.7. See Also 


For more information, read dbx(1), ptrace(2), a.out(5), and core(5) in the man
pages.


7.8. Diagnostic Messages from adb

After startup, the only prompt adb gives is

    adb

when there is no current command or format. On the other hand, adb supplies
comments about inaccessible files, syntax errors, abnormal termination of
commands, etc. Exit status is 0, unless the last command failed or returned non-zero
status.


7.9. Bugs

There is no way to clear all breakpoints with a single command, except on the
Sun386i.

Since no shell is invoked to interpret the arguments of the :r command, the
customary wildcard and variable expansions cannot occur.

Since there is little type checking on addresses, using a source file address in an
inappropriate context may lead to unexpected results.

7.10. Sun-3 FPA Support in adb

Release of the floating point accelerator (FPA) for the Sun-3 required some
changes to adb, in order to support assembly language debugging of programs
that use the FPA. Here are changes made to adb in Release 3.1 and later:

1. The new debugger variables A through Z are reserved for special use by
   adb. They should not be used in adb scripts.

2. The FPA registers fpa0 through fpa31 are recognized and can be used or
   modified in debugger commands. This extension only applies to a machine
   with an FPA.

3. The debugger variable F governs FPA disassembly. This is equivalent to the
   dbx environment variable fpaasm. A value of 0 indicates that all FPA
   instructions are to be treated as move instructions. A nonzero value is used
   to indicate that FPA instruction sequences are to be disassembled and single
   stepped using FPA assembler mnemonics. On a machine with an FPA, the
   default value is 1; on other machines, the default value is 0.

4. The debugger variable B is used to designate an FPA base register. This is
   equivalent to the dbx environment variable fpabase. If FPA disassembly
   is disabled (the F flag = 0) its value is ignored. Otherwise, its value is
   interpreted as follows:

   0 through 7:

       Based-mode FPA instructions that use the corresponding address
       register in [a0..a7] to address the FPA are also disassembled using FPA
       assembler mnemonics. Note that this is independent of the actual
       run-time value of the register.

   otherwise:

       All based-mode FPA instructions are disassembled and single-stepped
       as move instructions.

   The default value of the FPA base register number is -1, which designates
   no FPA base register.

5. The command $x has been added to display the values of FPA registers
   fpa0 through fpa15, along with FPA control registers and the current
   contents of the FPA instruction pipeline. All registers are displayed in the
   format:

       <low word> <high word> <double precision> <single precision>

   This verbose display is used because FPA registers are typeless; in
   particular, they may contain either single or double precision floating point
   values. If a single precision value is stored, it is always stored in the
   high-order word. Machines without an FPA display the message "no FPA".

6. The command $X is similar to $x, but displays the FPA registers fpa16
   through fpa31 instead of fpa0 through fpa15. This is done as a separate
   command because adb cannot display the contents of all FPA registers in a
   single standard-size window.

7. The command $R displays the contents of the data and control registers of
   the standard mc68881 floating point coprocessor. Note: this is a change
   from release 3.0.

7.11. Examples of FPA Disassembly

As an example, consider the following assembly source fragment:



On machines without an FPA, the default mode is to disassemble all FPA
instructions as moves. For the example program, the following output is
produced (except the parenthesized comments added here for explanation):

    % as foo.s -o foo.o
    % adb foo.o
    <F=d
                    0                       (default value of "F" on a machine without FPA)
    foo?ia
    foo:            movl    d0,0xe0000380   (normal disassembly)

FPA disassembly can be enabled by setting the debugger variable F to 1. For
example:



On machines with an FPA, FPA disassembly is on by default, so the above
output is produced without having to set the value of F.

Some FPA instructions may address the FPA using a base register in
[a0..a7]. In practice, only [a0..a5] are used by the compilers.

adb does not know which register (if any) is being used to address the FPA in a
given sequence of machine code. However, another debugger variable (B) may
be set by the user to designate a register as an FPA base register. By default, this
variable has the value -1, which means that no register should be assumed to
point at the FPA, so only instructions that access the FPA using absolute
addressing are recognized as FPA instructions.

For the example program, a machine with an FPA produces the following output:

    % adb foo.o
    <F=d
                    1                       (default value of "F" on a machine with FPA)
    <B=d
                    -1                      (default value of "B")
    foo,3?ia
    foo:            fpadds  d0,fpa0         (FPA disassembly)
    0x6:            movl    d0,a0@(0x380)   (normal disassembly)
    0xa:            movl    d0,a5@(0x380)   (normal disassembly)
    0xe:

Note that the second and third instructions are still disassembled as moves, since
adb cannot assume that they access the FPA. Continuing this example, if the
FPA base register number is set to 5, the following output is produced:

    % adb foo.o
    5>B
    <B=d
                    5
    foo,3?ia
    foo:            fpadds  d0,fpa0         (FPA disassembly)
    0x6:            movl    d0,a0@(0x380)   (normal disassembly)
    0xa:            fpadds@5        d0,fpa0 (FPA disassembly)
    0xe:

Note that the second instruction is still disassembled as a move, since a5, the
register designated as the FPA base, is not used.


7.12. Examples of FPA Register Use

FPA data registers can be displayed using a syntax similar to that used for the
68881 co-processor registers. Note that unlike the 68881 registers, FPA registers
may contain either single precision (32-bit) or double precision (64-bit) values;
68881 registers always contain an extended precision (96-bit) value.

For example, if fpa0 contains the value 2.718282, we may display it as follows:

    <fpa0=f
    fpa0            0x402df855      +2.718282e+00

Note that the value is displayed in hexadecimal as well as in floating point
notation. Unfortunately, an FPA register can only be set to a hexadecimal value. To
set fpa0 to 1.0, for example, you must know that this is represented as
0x3f800000 in IEEE single-precision format:
Debugging SunOS Kernels with adb


This document describes the use of extensions made to the SunOS debugger adb
for the purpose of debugging the SunOS kernel. It discusses the changes made to
allow standard adb commands to function properly with the kernel and
introduces the basics necessary for users to write adb command scripts that may be
used to augment the standard adb command set. The examination techniques
described here may be applied to running systems, as well as the post-mortem
dumps automatically created by savecore(8) after a system crash. The reader is
expected to have at least a passing familiarity with the debugger command
language.

8.1. Introduction

Modifications have been made to the standard UNIX debugger adb to simplify
examination of the post-mortem dump generated automatically following a
system crash. These changes may also be used when examining SunOS in its
normal operation. This document serves as an introduction to the use of these
facilities, but should not be construed as a description of how to debug the kernel.

Getting Started

Use the -k option of adb when you want to examine the SunOS kernel:

    % adb -k /vmunix /dev/mem

The -k option makes adb partially simulate the Sun virtual memory
management unit when accessing the core file. In addition, the internal state maintained
by the debugger is initialized from data structures maintained by the SunOS
kernel explicitly for debugging.† A post-mortem dump may be examined in a
similar fashion:

    % adb -k vmunix.? vmcore.?

Supply the appropriate version of the saved operating system image, and its core
dump, in place of the question mark.

† If the -k flag is not used when invoking adb, the user must explicitly calculate virtual addresses. With
the -k option, adb interprets page tables to automatically perform virtual to physical address translation.
Establishing Context

During initialization adb attempts to establish the context of the currently active
process by examining the value of the kernel variable panic_regs. This
structure contains the register values at the time of the call to the panic()
routine. Once the stack pointer has been located, this command generates a stack
trace:

    $c

An alternate method may be used when a trace of a particular process is required;
see Section 6.3 for details.

8.2. adb Command Scripts

This section supplies details about writing adb scripts to debug the kernel.

Extended Formatting Facilities

Once the process context has been established, the complete adb command set is
available for interpreting data structures. In addition, a number of adb scripts
have been created to simplify the structured printing of commonly referenced
kernel data structures. The scripts normally reside in the directory
/usr/lib/adb, and are invoked with the $< operator. Standard scripts are
listed below in Table 6-1.

As an example, consider the listing that starts on the next page. The listing
contains a dump of a faulty process's state.


    % adb -k vmunix.3 vmcore.3
    sbr 50030 slr 51e
    physmem 3c0
    $c
    _panic[10fec](5234d) + 3c
    _ialloc[16ea8](d44a2,2,dff) + c8
    _maknode[1d476](dff) + 44
    _copen[1c480](602,-1) + 4e
    _creat() + 16
    _syscall[2ea0a]() + 15e
    levels() + 6c
    5234d/s
    _nldisp+175:    ialloc: dup alloc
    u$<u
    _u:
    _u:             pc
                    4be0
    _u+4:           d2              d3              d4              d5
                    13b0            0               0               0
    _u+14:          d6              d7
                    0               2604
    _u+1c:          a2              a3              a4              a5
                    0               c7800           5a958
    _u+2c:          a6              a7
                    3e62            3e48
    _u+34:          sr
                    27000000
    _u+38:          p0br            p0lr            p1br            p1lr
                    d7160
                    105000          40000022        fd7f4           1ffe
    _u+48:          szpt            sswap
                    1               0
    _u+50:          procp           ar0             comm
                    d7160           3fb2            dtime^@^@
    _u+158:         arg0            arg1            arg2
                    1001c           -1              ffffa4
    _u+178:         uap             qsave                           error
                    2958            2eb4 6          1               0
    _u+1b2:         rv1             rv2             eosys
                    0               14cac           0
    _u+1bc:         uid             gid
                    49              10
    _u+1c0:         groups
                    10              -1              -1              -1
                    -1              -1              -1              -1
    _u+1e0:         ruid            rgid
                    49              10
    _u+1e4:         tsize           dsize           ssize
                    7               1b              2
    _u+344:         odsize          ossize          outime
                    0               0               0
    _u+350:         signal
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    sigmask
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
    _u+450:         onstack         oldmask         code
                    0               80002           0
    _u+45c:         sigstack        onsigstack
                    0               0
    _u+464:         ofile
                    d66b4           d66b4           d66b4           0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    0               0               0               0
                    pofile
                    0       0       0       0       0       0       0       0
                    0       0       0       0       0       0       0       0
                    0       0       0       0
    _u+4c8:         cdir            rdir            ttyp            ttyd    cmask
                    d44a2           0               5c6c0           0       12
                    ru & cru
    _u+4d8:         utime                           stime
                    0               0               0               35b60
    _u+4e8:         maxrss          ixrss           idrss           isrss
                    9               35              43
    _u+4f8:         minflt          majflt          nswap
                    0               5               0
    _u+504:         inblock         oublock         msgsnd          msgrcv
                    3               7               0               0
    _u+514:         nsignals        nvcsw           nivcsw
                    0               12              4
    _u+520:         utime                           stime
                    0               0               0               0
    _u+530:         maxrss          ixrss           idrss           isrss
                    0               0               0
    _u+540:         minflt          majflt          nswap
                    0               0               0
    _u+54c:         inblock         oublock         msgsnd          msgrcv
                    0               0               0               0
    _u+55c:         nsignals        nvcsw           nivcsw
                    0               0               0
    0d7160$<proc
    d7160:          link            rlink           addr
                    590e0           0               1057f4
    d716c:          upri    pri     cpu     stat    time    nice    slp
                    066     024     020     03      01      024     0
    d7173:          cursig          sig
                    0               0
    d7178:          mask            ignore          catch
                    0               0               0
    d7184:          flag            uid     pgrp    pid     ppid
                    8001            31      2f      2f      23
    d7190:          xstat           ru              poip    szpt    tsize
                    0               0               0       1       7
    d719e:          dsize           ssize           rssize          maxrss
                    1b              2               5               fffff
    d71ae:          swrss           swaddr          wchan           textp
                    0               0               0               d8418
    d71be:          p0br            xlink           ticks
                    105000          0               15
    d71c8:          %cpu            ndx     idhash  pptr
                    0               6       2       d70d4
    d71d4:          real itimer
                    0               0               0               0
    d71e4:          quota           ctx
                    0               5f236
    0d8418$<text
    d8418:          daddr
                    284             0               0               0
                    0               0               0               0
                    0               0               0               0
                    ptdaddr         size            caddr           iptr
                    184             7               d7160           d47e0
                    rssize  swrss   count   ccount  flag    slptim  poip
                    4       0       01      01      042     0       0


The cause of the crash was a panic (see the stack trace) due to a duplicate
inode allocation detected by the ialloc() routine. The majority of the
dump was done to illustrate the use of command scripts used to format kernel
data structures. The u script, invoked by the command u$<u, is a lengthy series
of commands to pretty-print the user vector. Likewise, proc and text are
scripts to format the obvious data structures. Let's quickly examine the text
script, which has been broken into a number of lines for readability here; in
actuality it is a single line of text.

    ./"daddr"n12Xn\
    "ptdaddr"16t"size"16t"caddr"16t"iptr"n4Xn\
    "rssize"8t"swrss"8t"count"8t"ccount"8t"flag"8t"slptim"8t"poip"n2x4bx

The first line produces the list of disk block addresses associated with a swapped
out text segment. The n format forces a newline character, with 12 hexadecimal
integers printed immediately after. Likewise, the remaining two lines of the
command format the remainder of the text structure. The expression 16t tabs to
the next column which is a multiple of 16.

The majority of the scripts provided are of this nature. When possible, the
formatting scripts print a data structure with a single format to allow subsequent
reuse when interrogating arrays of structures. That is, the previous script could
have been written:

    ./"daddr"n12Xn
    +/"ptdaddr"16t"size"16t"caddr"16t"iptr"n4Xn
    +/"rssize"8t"swrss"8t"count"8t"ccount"8t"flag"8t"slptim"8t"poip"n2x4bx

But then, reuse of the format would have invoked only the last line of the format.

Traversing Data Structures

The adb command language can be used to traverse complex data structures.
One such data structure, a linked list, occurs quite often in the kernel. By using
adb variables and the normal expression operators it is a simple matter to
construct a script which chains down the list, printing each element along the way.

For instance, the queue of processes awaiting timer events, the callout queue, is
printed with the following two scripts:
The first line of the script callout starts the traversal at the global symbol
calltodo and prints a set of headings. It then skips the empty portion of the
structure used as the head of the queue. The second line then invokes the script
callout.nxt, moving dot to the top of the queue (*+ performs the indirection
through the link entry of the structure at the head of the queue). The script
callout.nxt prints values for each column, then performs a conditional test
on the link to the next entry. This test is performed as follows:



This means if the value stored in <l is non-zero, then the current input stream
(from the script callout.nxt) is terminated. Otherwise, the expression #<l
is zero, and the $< operator is ignored. That is, the combination of the logical
negation operator #, adb variable <l, and operator $<, in effect, creates a
statement of the form:



The remaining line of callout.nxt simply reapplies the script on the next
element in the linked list. A sample callout dump is shown below:
    % adb -k /vmunix /dev/mem
    sbr 50030 slr 51e
    physmem 3c0
    $<callout
    _calltodo:
    _calltodo:      time            arg             func
    d9fc4           5               0               _roundrobin
    d9f94           1               0               _if_slowtimo
    d9fd4           1               0               _schedcpu
    d9fa4           3               0               _pffasttimo
    d9fe4           0               0               _schedpaging
    d9fb4           15              0               _pfslowtimo
    d9ff4           12              0               _arptimer
    da044           736             d7390           _realitexpire
    da004           206             d6fbc           _realitexpire
    da024           649             d741c           _realitexpire
    da034           176929          d7304           _realitexpi

Supplying Parameters

A command script may use the address and count portions of an adb command
as parameters. An example of this is the setproc script, used to switch to the
context of a process with a known process ID:

    0t99$<setproc

The body of setproc is:

    .>4
    *nproc>l
    *proc>f
    $<setproc.nxt

The body of setproc.nxt is:

    (*(<f+0t42)&0xffff)="pid "D
    ,#(((*(<f+0t42)&0xffff))-<4)$<setproc.done
    <f+0t140>f
    ,#<l$<
    $<setproc.nxt

The process ID, supplied as the parameter, is stored in the variable <4, the
number of processes is placed in <l, and the base of the array of process
structures in <f. Then setproc.nxt performs a linear search through the array
until it matches the process ID requested, or until it runs out of process structures
to check. The script setproc.done simply establishes the context of the
process, then exits.
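
The same linear search over a raw memory image, as an added C example (not part of the manual or of adb). The stride of 140 bytes and the probe offset of 42 come from the setproc.nxt script above; the big-endian byte order of the 68000-family Suns, the function names, the pgrp/pid labels for the two halves of the fetched word, and the sample image are assumptions or constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROC_STRIDE 140u   /* size of one entry, from <f+0t140>f */
#define PID_PROBE    42u   /* offset dereferenced by *(<f+0t42)  */

/* Fetch 4 bytes big-endian, as the * operator would on a Sun-2 or Sun-3.
 * Fails instead of reading past the end of the image. */
static int read_be32(const uint8_t *img, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return -1;
    *out = ((uint32_t)img[off] << 24) | ((uint32_t)img[off + 1] << 16) |
           ((uint32_t)img[off + 2] << 8) | (uint32_t)img[off + 3];
    return 0;
}

/*
 * Walk nproc entries starting at proc_base and return the byte offset of the
 * entry whose process ID matches, or -1 when none does or the table runs off
 * the end of the image. The counter l and the cursor f mirror the adb
 * variables <l and <f; the loop always decrements l, so it terminates.
 */
long find_proc(const uint8_t *img, size_t len, size_t proc_base,
               unsigned nproc, unsigned pid)
{
    size_t f = proc_base;
    unsigned l;

    for (l = nproc; l != 0; l--, f += PROC_STRIDE) {
        uint32_t word;

        if (read_be32(img, len, f + PID_PROBE, &word) != 0)
            return -1;
        /* &0xffff keeps the low-order half of the fetched long, which on a
         * big-endian machine is the 16-bit field at offset 44, not 42. */
        if ((word & 0xffff) == pid)
            return (long)f;
    }
    return -1;
}

/* Constructed sample image: 16 bytes of padding, then three entries. */
#define SAMPLE_BASE  16u
#define SAMPLE_NPROC 3u
#define SAMPLE_LEN   (SAMPLE_BASE + SAMPLE_NPROC * PROC_STRIDE)

void build_sample(uint8_t *img)
{
    /* Entry 0 has 0x63 in the high half (assumed pgrp) but pid 0x23, so a
     * search for 0x63 must not stop there. */
    static const uint16_t pgrp[SAMPLE_NPROC] = { 0x63, 0x2f, 0x63 };
    static const uint16_t pid[SAMPLE_NPROC]  = { 0x23, 0x2f, 0x63 };
    unsigned i;

    memset(img, 0, SAMPLE_LEN);
    for (i = 0; i < SAMPLE_NPROC; i++) {
        uint8_t *p = img + SAMPLE_BASE + i * PROC_STRIDE + PID_PROBE;

        p[0] = (uint8_t)(pgrp[i] >> 8);
        p[1] = (uint8_t)(pgrp[i] & 0xff);
        p[2] = (uint8_t)(pid[i] >> 8);
        p[3] = (uint8_t)(pid[i] & 0xff);
    }
}

int main(void)
{
    uint8_t img[SAMPLE_LEN];

    build_sample(img);
    printf("pid 0x63 at offset %ld\n",
           find_proc(img, SAMPLE_LEN, SAMPLE_BASE, SAMPLE_NPROC, 0x63));
    printf("pid 0x07 at offset %ld\n",
           find_proc(img, SAMPLE_LEN, SAMPLE_BASE, SAMPLE_NPROC, 0x07));
    return 0;
}
```

The bounds check in read_be32 matters when the image is a truncated or damaged crash dump: the search reports failure instead of walking off the end of the buffer.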
Standard Scripts

Here are the command scripts currently available in /usr/lib/adb:

Table 8-1 Standard Command Scripts

Name        Use               Description

buf         addr$<buf         format block I/O buffer
callout     $<callout         print timer queue
clist       addr$<clist       format character I/O linked list
dino        addr$<dino        format directory inode
dir         addr$<dir         format directory entry
file        addr$<file        format open file structure
filsys      addr$<filsys      format in-core super block structure
findproc    pid$<findproc     find process by process id
ifnet       addr$<ifnet       format network interface structure
inode       addr$<inode       format in-core inode structure
inpcb       addr$<inpcb       format internet protocol control block
iovec       addr$<iovec       format a list of iov structures
ipreass     addr$<ipreass     format an ip reassembly queue
mact        addr$<mact        show active list of mbuf's
mbstat      $<mbstat          show mbuf statistics
mbuf        addr$<mbuf        show next list of mbuf's
mbufs       addr$<mbufs       show a number of mbuf's
mount       addr$<mount       format mount structure
pcb         addr$<pcb         format process context block
proc        addr$<proc        format process table entry
protosw     addr$<protosw     format protocol table entry
rawcb       addr$<rawcb       format a raw protocol control block
rtentry     addr$<rtentry     format a routing table entry
rusage      addr$<rusage      format resource usage block
setproc     pid$<setproc      switch process context to pid
socket      addr$<socket      format socket structure
stat        addr$<stat        format stat structure
tcpcb       addr$<tcpcb       format TCP control block
tcpip       addr$<tcpip       format a TCP/IP packet header
tcpreass    addr$<tcpreass    show a TCP reassembly queue
text        addr$<text        format text structure
traceall    $<traceall        show stack trace for all processes
tty         addr$<tty         format tty structure
u           addr$<u           format user vector, including pcb
uio         addr$<uio         format uio structure
vtimes      addr$<vtimes      format vtimes structure
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8.3. Generating adb You can use the adbgen program to write the scripts presented earlier in a way 

Scripts with adbgen that does not depend on the structure member offsets of referenced items. For 

example, the text script given above depends on all printed members being 
located contiguously in memory. Using adbgen, the script could be written as 
follows (again it is really on one line, but broken apart for ease of display):.PL 
FULL 

'---^-V 

#include "sys/types.h"
#include "sys/text.h"

text
./"daddr"n{x_daddr,12X}n\
"ptdaddr"16t"size"16t"caddr"16t"iptr"n\
{x_ptdaddr,X}{x_size,X}{x_caddr,X}{x_iptr,X}n\
"rssize"8t"swrss"8t"count"8t"ccount"8t"flag"8t"slptim"8t"poip"n\
{x_rssize,x}{x_swrss,x}{x_count,b}{x_ccount,b}\
{x_flag,b}{x_slptime,b}{x_poip,x}{END}


The script starts with the names of the relevant header files, while the braces
delimit structure member names and their formats. This script is then processed
through adbgen to get the adb script presented in the previous section. See
Chapter 7 of this manual for a complete description of how to write adbgen
scripts. The real value of writing scripts this way becomes apparent only with
longer and more complicated scripts (the u script for example). When scripts are
written this way, they can be regenerated if a structure definition changes,
without requiring people to calculate the offsets.

8.4. Summary

The extensions made to adb provide basic support for debugging the SunOS kernel
by eliminating the need for a user to carry out virtual-to-physical address
translation. A collection of scripts has been written to format the major kernel
data structures, and aid in switching between process contexts. This was carried
out with only minimal changes to the debugger.

Generating adb Scripts with adbgen


/usr/lib/adb/adbgen file.adb ...

This program makes it possible to write adb scripts that do not contain
hard-coded dependencies on structure member offsets. After generating a C program
to determine structure member offsets and sizes, adbgen proceeds to generate
an adb script.

The input to adbgen is a file named file.adb containing adbgen header
information, then a null line, then the name of a structure, and finally an adb
script. The adbgen program only deals with one structure per file; all member
names occurring in a file are assumed to be in this structure. The output of
adbgen is an adb script in file (without the .adb suffix).

The header lines, up to the null line, are copied verbatim into the generated C
program. These header lines often have #include statements to read in header
files containing relevant structure declarations.

The second part of file.adb specifies a structure.

The third part contains an adb script with any valid adb commands (see
Chapter 6 of this manual), and may also contain adbgen requests, each enclosed
in braces. Request types are:

1) Print a structure member. The request form is {member,format} where
member is a member name of the structure given earlier, and format is
any valid adb format request. For example, to print the p_pid field of the
proc structure as a decimal number, say {p_pid,d}.

2) Reference a structure member. The request form is {*member,base}
where member is the member name whose value is wanted, and base is an
adb register name containing the base address of the structure. For example,
to get the p_pid field of the proc structure, get the proc structure
address in an adb register, such as <f, and say {*p_pid,<f}.

3) Tell adbgen that the offset is OK. The request form is {OFFSETOK}.
This is useful after invoking another adb script which moves the adb dot.

4) Get the size of the structure. The request form is {SIZEOF}; adbgen
simply replaces this request with the size of the structure. This is useful for
incrementing a pointer to step through an array of structures.

5) Get the offset to the end of the structure. The request form is {END}. This
is useful at the end of a structure to get adb to align dot for printing the next
structure member.

By keeping track of the movement of dot, adbgen emits adb code to move forward
or backward as necessary before printing any structure member in a script.
The model of dot's behavior is simple: adbgen assumes that the first line of the
script is of the form struct_address/adb text and that subsequent lines are of the
form +/adb text. This causes dot to move in a sane fashion. Unfortunately,
adbgen does not check the script to ensure that these limitations are met.
However, adbgen does check the size of the structure member against the size of
the adb format code, and warns you if they are not equal.

9.1. Example of adbgen

If there were an include file x.h like this,

struct x {
        char *x_cp;
        char x_c;
        int x_i;
};

then the adbgen file (call it script.adb) to print it would be:

#include "x.h"

x
./"x_cp"16t"x_c"8t"x_i"n{x_cp,X}{x_c,C}{x_i,D}

After running adbgen, the output file script would contain:

./"x_cp"16t"x_c"8t"x_i"nXC+D

To invoke the script, type:

x$<script
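The dot tracking and size check described above can be sketched in C. This is an added example, not adbgen's own code: gen_format, struct req and the REQ macro are hypothetical names, and the "Sun-3" offsets (0, 4, 6) are an assumed 2-byte-aligned layout chosen because it reproduces the XC+D output shown above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct x { char *x_cp; char x_c; int x_i; };   /* x.h from the page */
struct req { const char *member; size_t off, size; char fmt; };

/* Bytes consumed by an adb format letter (only the subset used here). */
static size_t fmt_size(char f) {
    return strchr("bcC", f) ? 1 : strchr("xdoqu", f) ? 2 : strchr("XDOQU", f) ? 4 : 0;
}

/* Build the adb format for r[0..n-1], then align dot to `end` as {END} does.
 * Emits "N+" or "N-" (N omitted when 1) whenever dot is not at the member.
 * Returns how many members differ in size from their format letter. */
int gen_format(const struct req *r, int n, size_t end, char *out, size_t cap) {
    size_t dot = 0;
    int warns = 0;
    out[0] = '\0';
    for (int i = 0; i <= n; i++) {
        size_t target = (i < n) ? r[i].off : end;   /* extra pass is {END} */
        if (target != dot) {
            size_t gap = target > dot ? target - dot : dot - target;
            char mv[32];
            snprintf(mv, sizeof mv, "%zu%c", gap, target > dot ? '+' : '-');
            strncat(out, gap == 1 ? mv + 1 : mv, cap - strlen(out) - 1);
            dot = target;
        }
        if (i == n) break;
        if (fmt_size(r[i].fmt) != r[i].size) warns++;   /* adbgen warns here */
        char f[2] = { r[i].fmt, '\0' };
        strncat(out, f, cap - strlen(out) - 1);
        dot += fmt_size(r[i].fmt);
    }
    return warns;
}

#define REQ(m, f) { #m, offsetof(struct x, m), sizeof(((struct x *)0)->m), f }
int main(void) {
    struct req host[] = { REQ(x_cp, 'X'), REQ(x_c, 'C'), REQ(x_i, 'D') };
    /* Assumed layout with 2-byte alignment; it reproduces the page's XC+D. */
    struct req sun3[] = { {"x_cp", 0, 4, 'X'}, {"x_c", 4, 1, 'C'}, {"x_i", 6, 4, 'D'} };
    char buf[64];
    int w = gen_format(sun3, 3, 10, buf, sizeof buf);
    printf("assumed Sun-3 layout: %s (%d warnings)\n", buf, w);
    w = gen_format(host, 3, sizeof(struct x), buf, sizeof buf);
    printf("this host:            %s (%d warnings)\n", buf, w);
    return 0;
}
```

On a host with 8-byte pointers the same requests produce a different format string and one size warning for x_cp, which is the situation regenerating the script from the .adb source is meant to catch.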


9.2. Diagnostic Messages from adbgen

The adbgen program generates warnings about structure member sizes not
equal to adb format items, and complaints about badly formatted requests. The
C compiler complains if you reference a non-existent structure member. It also
complains about & before array names; these complaints may be ignored.

9.3. Bugs in adbgen

Structure members that are bit fields cannot be handled, because C will not give
the address of a bit field; the address is needed to determine the offset.